Microsoft 365 ‘Direct Send’ abused to send phishing as internal users

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials.

Direct Send is a Microsoft 365 feature that allows on‑premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It’s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company.

However, the feature is a known security risk, as it doesn’t require any authentication, allowing remote users to send internal‑looking emails from the company’s domain.

Microsoft recommends that only advanced customers utilize the feature, as its safety depends on whether Microsoft 365 is configured correctly and the smart host is properly locked down.

Read More:

https://www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/

Skip to content