Phishing Alert: Criminals Have Recently Found a Way To Remove Your Company’s E-Mail Warning Banners (e.g., ‘Email Received From an Outside Sender’)


Does your company e-mail provide a warning banner when you receive e-mail from a sender outside your company? Specifically, this banner is displayed prominently and states something along the lines of, “WARNING, THIS EMAIL RECEIVED FROM AN OUTSIDE SENDER”. 

Most likely, it does.. This is a very common security alert that is meant to notify you when you are being phished by an external sender who is acting like an internal member of your company. Well, guess what; there are ways now for attackers to turn that message off when you open your e-mail.

The warning you receive in your e-mail is basically just HTML – injected in a small table and filled with color – and the warning sign. To remove this requires only some minimal code changes to CSS styling. Specifically, the way CSS styling works is that there are overall type styling declarations in the header. By changing the “display:none” tag, this banner can be removed.

A bit of good news is that you can still see the warning in the preview pane before you open the e-mail. However, you will not see the warning when you open your e-mail. BW Cyber firmly believes we will be seeing more and more phishing attacks using this attack technique to get past people’s assumption that their warning banner will alert them to phishing emails received from an outside sender.