Microsoft Outlook users are at risk of falling victim to phishing attacks due to a vulnerability in the email client’s anti-phishing measures. A report by Certitude researchers William Moody and Wolfgang Ettlinger revealed that the “First Contact Safety Tip” feature in Outlook can be easily bypassed using Cascading Style Sheets (CSS).
• The “First Contact Safety Tip” feature can be hidden using CSS rules that change the font color to white and font size to zero.
• The vulnerability allows attackers to send phishing emails without the alert warning the victim.
• The attack can also make a phishing message appear more secure by adding HTML code that spoofs official Microsoft Outlook icons.
Microsoft has acknowledged the vulnerability but has chosen not to address it immediately. This leaves Outlook users vulnerable to phishing attacks. **Users are advised to exercise extra caution when opening emails from unfamiliar sources.**
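On the defensive side, a mail filter can look for the styling the report describes. The following is an added example, not code from the Certitude report or from Microsoft: it scans an HTML body for CSS rules that set the font size to zero or the text color to white. The sample message and the `.notice` selector are constructed placeholders.

```python
import re

STYLE_BLOCK = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
INLINE_STYLE = re.compile(r'\bstyle\s*=\s*"([^"]*)"', re.I)
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
ZERO_SIZE = re.compile(r"^0+(\.0+)?(px|pt|em|rem|%)?$")
WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}

# Constructed sample body; ".notice" is a placeholder selector.
SAMPLE_HTML = """<html><head><style>
.notice { font-size: 0px; color: #FFFFFF !important; }
p { font-size: 14px; color: #333; }
</style></head><body><div class="notice">External sender</div>
<p>Hello</p><span style="color: white">x</span></body></html>"""

def declarations(body):
    """Parse 'name: value; ...' into a dict of normalised declarations."""
    decls = {}
    for part in body.split(";"):
        name, sep, value = part.partition(":")
        if sep:
            value = value.lower().replace("!important", "")
            decls[name.strip().lower()] = re.sub(r"\s+", "", value)
    return decls

def classify(selector, body):
    """Return (selector, zero_font_size, white_text), or None if neither applies."""
    d = declarations(body)
    zero = bool(ZERO_SIZE.match(d.get("font-size", "")))
    white = d.get("color", "") in WHITE
    return (selector, zero, white) if (zero or white) else None

def hidden_text_rules(html):
    """Check every <style> rule and inline style attribute in an HTML body."""
    candidates = []
    for css in STYLE_BLOCK.findall(html):
        for selector, body in RULE.findall(CSS_COMMENT.sub("", css)):
            candidates.append(classify(selector.strip(), body))
    for body in INLINE_STYLE.findall(html):
        candidates.append(classify("(inline style)", body))
    return [c for c in candidates if c]

if __name__ == "__main__":
    for selector, zero, white in hidden_text_rules(SAMPLE_HTML):
        print(f"{selector}: zero font size={zero}, white text={white}")
```

White text alone is common in legitimate mail with dark backgrounds, so a rule that sets both properties is the stronger signal for quarantine or review.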