A new security alert for Microsoft Outlook says users are in danger of opening malicious emails. This is related to anti-phishing tools on Microsoft 365 getting bypassed easily.
Experts claim users are receiving warnings to be extra careful when they receive emails from sources that aren’t familiar. The news comes to us thanks to research experts from Certitude who explained how the safety measures are being exploited as tools fail to perform at optimal levels. This gives rise to cybercriminals targeting victims easily through dangerous mail.
The team spoke about how it made reports about the findings to software giant Microsoft but it failed to address the matter publicly. This means more people are still at risk.
The flaw is present in the First Contact Safety Tip where pop-up alerts come when users get emails from unreliable addresses. The common opening line is, ‘You don’t often get an email from XYZ. Learn why it’s important was found in most instances.
The alert is usually seen in the body’s middle part but experts warn it could be manipulated through CSS in the message’s body. Meanwhile, the security experts also highlighted how anchor tags are disguised so users don’t display any alerts when links are added. Both font colors, styles, and sizes are changed to further prevent detection. It’s almost impossible to tell the difference.
The addition of HTML codes that spoof Outlook icons also makes it appear more secure. This is why more victims fall into the trap, experts explained.
Microsoft was informed about all the recent findings. As a response, the software giant says they do consider the findings valid but does not feel it’s an immediate or urgent concern that needs to be acted upon right now. Their justification was related to their relation to phishing attacks only.
Read next: Apple Makes Mega Accessibility Breakthrough With Advanced Voice Control Feature In New iPhone and Mac
Experts claim users are receiving warnings to be extra careful when they receive emails from sources that aren’t familiar. The news comes to us thanks to research experts from Certitude who explained how the safety measures are being exploited as tools fail to perform at optimal levels. This gives rise to cybercriminals targeting victims easily through dangerous mail.
The team spoke about how it made reports about the findings to software giant Microsoft but it failed to address the matter publicly. This means more people are still at risk.
The flaw is present in the First Contact Safety Tip where pop-up alerts come when users get emails from unreliable addresses. The common opening line is, ‘You don’t often get an email from XYZ. Learn why it’s important was found in most instances.
The alert is usually seen in the body’s middle part but experts warn it could be manipulated through CSS in the message’s body. Meanwhile, the security experts also highlighted how anchor tags are disguised so users don’t display any alerts when links are added. Both font colors, styles, and sizes are changed to further prevent detection. It’s almost impossible to tell the difference.
The addition of HTML codes that spoof Outlook icons also makes it appear more secure. This is why more victims fall into the trap, experts explained.
Microsoft was informed about all the recent findings. As a response, the software giant says they do consider the findings valid but does not feel it’s an immediate or urgent concern that needs to be acted upon right now. Their justification was related to their relation to phishing attacks only.
Read next: Apple Makes Mega Accessibility Breakthrough With Advanced Voice Control Feature In New iPhone and Mac
