{"id":2849,"date":"2025-06-27T10:38:51","date_gmt":"2025-06-27T10:38:51","guid":{"rendered":"https:\/\/cert-mu.govmu.org\/cert-mu\/?page_id=2849"},"modified":"2025-06-27T10:39:59","modified_gmt":"2025-06-27T10:39:59","slug":"microsoft-365-direct-send-abused-to-send-phishing-as-internal-users","status":"publish","type":"page","link":"https:\/\/cert-mu.govmu.org\/cert-mu\/?page_id=2849","title":{"rendered":"Microsoft 365 ‘Direct Send’ abused to send phishing as internal users"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

An ongoing phishing campaign abuses a little\u2011known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials.<\/p>

Direct Send is a Microsoft 365 feature that allows on\u2011premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It\u2019s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company.<\/p>

However, the feature is a known security risk, as it doesn’t require any authentication, allowing remote users to send internal\u2011looking emails from the company’s domain.<\/p>

Microsoft recommends that only advanced customers utilize the feature, as its safety depends on whether Microsoft 365 is configured correctly and the smart host is properly locked down.<\/p>

Read More: <\/strong><\/p>

https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users\/<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

An ongoing phishing campaign abuses a little\u2011known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials. Direct Send is a Microsoft 365 feature that allows on\u2011premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It\u2019s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company. However, the feature is a known security risk, as it doesn’t require any authentication, allowing remote users to send internal\u2011looking emails from the company’s domain. Microsoft\u2026<\/p>\n","protected":false},"author":7,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2849","page","type-page","status-publish","hentry"],"blocksy_meta":"","_links":{"self":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages\/2849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2849"}],"version-history":[{"count":4,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages\/2849\/revisions"}],"predecessor-version":[{"id":2856,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages\/2849\/revisions\/2856"}],"wp:attachment":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}