A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites. These inverted backgrounds are commonly used as part of phishing kits that attempt to clone legitimate login pages as closely as possible to harvest a target’s credentials by tricking them into entering them into a fake login form. The phishing kit designed to use this novel tactic automatically reverts the backgrounds using Cascading Style Sheets to make them look just like the original backgrounds of the Office 365 login pages they are trying to mimic.
Source: https://www.bleepingcomputer.com/news/security/sneaky-office-365-phishing-inverts-images-to-evade-detection/