I am getting a phishing email with an HTM attachment, Base64 encoded of course, which in turn contains a web form with all its assets, every part again Base64 encoded. The form attempts to phish my password.
The Outlook.com spam filter does not recognize this blatant phish and delivers it as a legitimate email. I chose to report the phishing attempt so that Outlook.com recognizes such emails in the future.
Outlook chooses to put the sender on the blacklist and does not recognize that the FROM address contains my own mail address. If I had not checked the source of this mail, I would not even be aware that I am now unable to send myself documents.
Team, this is your fix list:
- Base64 is no rocket science, and once decoded the HTM file makes it blatantly obvious that it tries to steal passwords. This should be the easiest quarantine target out there if you take security seriously.
- Blacklisting the user's own email address should really not be in the tool chest of a mail client, should it?
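As an added example (my own code, not anything from the original post or from Microsoft), here is what "no rocket science" looks like in practice: a small stdlib-only Python check that parses a message, decodes any Base64-encoded HTM attachment, looks for a password field and Base64 data: URI assets inside it, and separately notes when the From address equals the recipient's own address so that a "report phishing" action never blocks the user themself. The sample message, the regexes and the function names (`build_sample_eml`, `analyze_message`, `should_quarantine`, `sender_to_block`) are constructed for this example and are not an Outlook.com API.

```python
"""Added example: detect the phishing pattern described in the post.

Everything here is the example's own construction; the sample .eml is
built inline and the heuristics are assumptions, not a product's rules.
"""
import base64
import email
import re
from email import policy
from email.utils import parseaddr

# Heuristics for the decoded attachment body (assumptions of this example).
PASSWORD_INPUT = re.compile(r'<input[^>]*\btype\s*=\s*["\']?password', re.I)
DATA_URI = re.compile(r'data:[\w/+.-]+;base64,', re.I)
FORM_ACTION = re.compile(r'<form[^>]*\baction\s*=\s*["\']?([^"\'\s>]+)', re.I)


def build_sample_eml(recipient: str, sender: str = None) -> bytes:
    """Constructed sample in the shape the post describes: the From header
    reuses the recipient's address by default, and a Base64-encoded .htm
    attachment carries a password form whose image asset is itself a
    Base64 data: URI."""
    sender = sender or recipient
    html = (
        '<html><body>'
        '<img src="data:image/png;base64,iVBORw0KGgo=">'
        '<form action="https://example.invalid/collect" method="post">'
        '<input type="email" name="user" value="{0}">'
        '<input type="password" name="pass">'
        '<input type="submit" value="Sign in"></form></body></html>'
    ).format(recipient)
    b64 = base64.b64encode(html.encode()).decode()
    raw = (
        'From: "{0}" <{0}>\r\nTo: <{1}>\r\nSubject: Document shared with you\r\n'
        'MIME-Version: 1.0\r\n'
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        '--b1\r\nContent-Type: text/plain\r\n\r\nPlease open the attachment.\r\n'
        '--b1\r\nContent-Type: text/html; name="document.htm"\r\n'
        'Content-Transfer-Encoding: base64\r\n'
        'Content-Disposition: attachment; filename="document.htm"\r\n\r\n'
        '{2}\r\n--b1--\r\n'
    ).format(sender, recipient, b64)
    return raw.encode()


def analyze_message(raw: bytes) -> dict:
    """Return the indicators found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get('From', '')))[1].lower()
    recipient = parseaddr(str(msg.get('To', '')))[1].lower()
    findings = {
        'sender': sender,
        'from_equals_to': bool(sender) and sender == recipient,
        'html_attachments': [],
    }
    for part in msg.walk():
        if part.get_content_maintype() == 'multipart':
            continue
        filename = (part.get_filename() or '').lower()
        is_html = (part.get_content_type() == 'text/html'
                   or filename.endswith(('.htm', '.html')))
        if not is_html or part.get_content_disposition() != 'attachment':
            continue
        # get_payload(decode=True) undoes the Base64 transfer encoding.
        body = (part.get_payload(decode=True) or b'').decode('utf-8', 'replace')
        cte = str(part.get('Content-Transfer-Encoding', '')).lower()
        findings['html_attachments'].append({
            'filename': filename,
            'base64_encoded': cte == 'base64',
            'password_field': bool(PASSWORD_INPUT.search(body)),
            'embedded_base64_assets': len(DATA_URI.findall(body)),
            'form_actions': FORM_ACTION.findall(body),
        })
    return findings


def should_quarantine(findings: dict) -> bool:
    """Example policy: an HTML attachment asking for a password is quarantined."""
    return any(a['password_field'] for a in findings['html_attachments'])


def sender_to_block(findings: dict):
    """What a 'report phishing' action may add to a blocklist: the sender,
    unless it is the recipient's own address (the failure the post describes)."""
    if findings['from_equals_to']:
        return None
    return findings['sender']


if __name__ == '__main__':
    result = analyze_message(build_sample_eml('victim@example.com'))
    print(result)
    print('quarantine:', should_quarantine(result))
    print('block sender:', sender_to_block(result))
```

Run it on a saved `.eml` by replacing `build_sample_eml(...)` with the file's bytes. The decoded attachment is inspected with plain regexes because the point of the post is that the transfer encoding hides nothing from a filter that bothers to decode it; the self-address check is kept separate from the quarantine decision so that reporting the message can never turn into blocking the user's own address.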
Update: I received helpful feedback from Microsoft on this issue. Safe Sender overrode spam detection in this case. Teams are working on both how to modernize this space more holistically and how to fix the anti-phishing gap.