Geeks for your information Security Security Vendors Heimdal Security Heimdal Security Blog Articles v
Email Warnings Can Be Hidden by Attackers with the Use of HTML and CSS
Email Warnings Can Be Hidden by Attackers with the Use of HTML and CSS
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 16,304
Threads: 10,319
Thanks Received: 9,367 in 7,513 posts
Thanks Given: 10,349
Joined: 12 September 18
#1
Bug  23 April 21, 08:47
Quote:
[Image: Heimdal-Security-News-and-Updates-1030x360-6.png]

The Warnings Shown to Email Recipients Can Be Hidden, Attackers Being Able to Alter The “External Sender” Warning, or Remove It From Emails.

This action is problematic in itself taking into consideration that phishing actors and scammers can simply include the HTML and CSS code in outgoing emails and in this way tamper with the wording of the warning message or make it disappear altogether.

The email security products such as enterprise email gateways are usually configured to display the “external sender” warning to a recipient when an email arrives from outside of the organization, in order to be able to protect the users against phishing and scam emails coming from untrusted sources.

Recently a researcher has demonstrated a simple way in which email senders can bypass this protection, with only adding a few lines of HTML and CSS code, researcher Louis Dion-Marcil showed how an external sender could hide the specific warning.

https://twitter.com/ldionmarcil/status/1...tackers%2F

This is happening because email security products and gateways are intercepting and scanning incoming emails for suspicious content just by injecting the “external sender” warning as an HTML/CSS code snippet in the email body itself, unlike the UI of the native email client that is displaying the message.

This means that an attacker-crafted email containing CSS instructions to override the warning snippet’s CSS code can make the warning disappear altogether.

Another cybersecurity researcher alluded to being also aware of this behavior and implied that an attacker could easily exploit this flaw to alter the warning message:

“You could even fake HTML and CSS to [sic] instead of hiding it, indicating the content was scanned and deemed safe,” Jean Maes said in the same thread.

https://twitter.com/ldionmarcil/status/1...tackers%2F

It is not important whether an email contains the “external sender” warning, or seems perfectly “safe”. You should still be careful when opening any links or attachments contained in the emails you receive in order to remain safe from cyberattacks.

If you want to learn more on how to protect yourself from email scams, you can read our article on Email Fraud Prevention here.
...
Continue Reading
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Sysinternals Suite 07.05.2026
Sysinternals Suite...harlan4096 — 07:42
Tor Browser 15.0.13
Tor Browser 15.0.1...harlan4096 — 07:39
K-Lite Codec Pack 19.7.0 / 19.7.0 Update
Changes in 19.7.0:...harlan4096 — 07:39
Microsoft Edge 148.0.3967.54
Version 148.0.3967...harlan4096 — 07:37
AdGuard Browser Extension 5.4.1.3
AdGuard Browser Ex...harlan4096 — 07:35

[-]
Birthdays
Today's Birthdays
avatar (41)iruqi
avatar (42)saitetib
avatar (36)ypasodiny
Upcoming Birthdays
avatar (28)akiratoriyama
avatar (48)Jerrycix
avatar (40)awedoli
avatar (82)WinRARHowTo
avatar (38)owysykan
avatar (49)beautgok
avatar (39)axuben
avatar (45)talsmanthago
avatar (31)mocetor
avatar (46)piomaibhaict
avatar (51)kingbfef
avatar (38)izenesiq
avatar (40)ihijudu
avatar (45)tiojusop
avatar (42)Damiennug
avatar (40)acoraxe
avatar (49)contjrat
avatar (41)axylisyb
avatar (44)tukrublape
avatar (39)omapek
avatar (48)Geraldtuh
avatar (44)knigiJow
avatar (46)1stOnecal
avatar (50)Mirzojap
avatar (36)idilysaju
avatar (40)GregoryRog
avatar (45)mediumog
avatar (40)odukoromu
avatar (46)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>