Researchers found a way to get around a security measure in Microsoft 365, making it more likely for users to open harmful emails. Outlook has a hidden anti-phishing measure called the ‘First Contact Safety Tip.’ It warns recipients when they receive an email from an unfamiliar address.
Outlook displays an alert when a user receives an email from an unfamiliar address. The alert message says “You don’t often get email from [email protected]. Learn why this is important”. Microsoft refers to this as the First Contact Safety Tip. It is one of the anti-phishing measures provided by Exchange Online Protection (EOP) and Microsoft Defender for organizations using Office 365.
You can change how the First Contact Safety Tip is displayed in an HTML email by using CSS style tags.
Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has...
Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which...
CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
To hide the First Contact Safety Tip in an HTML email, we can change the background and font colors to white. This will make the alert effectively invisible to the end user.
<head> </head> <head> <style> a { display: none; } td div { color: white; font-size: 0px; } table tbody tr td { background-color: white !important; color: white !important; } </style> </head>
…[SNIP]…
By using this HTML code in an e-mail, the alert does not show up in the email body anymore!
Note that the e-mail preview (highlighted in red) still begins with the Safety Tip.
Responsible Disclosure:
After developing a proof of concept, and preparing an advisory, we made Microsoft aware of these issues through the Microsoft Researcher Portal (MSRC). Microsoft chose to not address this behavior for now: (Click here to read the full report)