Exploiting Direct Send: Attackers Abuse Microsoft 365 to Deliver Internal Phishing Attacks
Key takeaways
Threat actors are exploiting Microsoft 365’s Direct Send feature to deliver phishing emails that appear to originate from within the organization, undermining internal trust and increasing the risk of successful social engineering attacks.
Phishing messages often evade built-in defenses, landing in users’ junk folders despite being flagged by Microsoft’s composite authentication checks.
Lures are highly effective and business-themed, frequently using pretexts like task reminders, wire authorizations, and voicemails to entice user interaction.
This campaign reflects a broader trend of adversaries abusing legitimate cloud services to bypass security controls, making it essential for organizations to reassess their email authentication and relay configurations.
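The composite authentication verdict mentioned above is recorded in the `compauth=` field of the `Authentication-Results` header that Microsoft 365 stamps on inbound mail. As an added example (not from the Proofpoint article), this triage function flags messages whose visible From domain is internal but whose composite authentication failed; the domain `example.com` and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this tenant accepts mail for (placeholder value).
INTERNAL_DOMAINS = {"example.com"}

def auth_results(msg):
    """Collect method=result pairs from every Authentication-Results header."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc|compauth)=(\w+)", header):
            found.setdefault(method, result.lower())  # topmost header wins
    return found

def classify(raw_message):
    """Triage one message by visible From domain and composite authentication."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in INTERNAL_DOMAINS:
        return "external"
    compauth = auth_results(msg).get("compauth")
    if compauth in ("pass", "softpass"):
        return "internal-authenticated"
    if compauth == "fail":
        return "internal-spoof-suspect"   # claims our domain, failed composite auth
    return "internal-unverified"          # header missing or compauth=none

# Constructed sample messages (not taken from the article).
SPOOFED = """\
Authentication-Results: spf=softfail (sender IP is 203.0.113.10)
 smtp.mailfrom=example.com; dkim=none (message not signed) header.d=none;
 dmarc=fail action=oreject header.from=example.com; compauth=fail reason=000
From: "Accounts Payable" <ap@example.com>
To: user@example.com
Subject: Wire authorization pending

body
"""
LEGIT = SPOOFED.replace("spf=softfail", "spf=pass").replace(
    "dkim=none (message not signed) header.d=none", "dkim=pass header.d=example.com"
).replace("dmarc=fail action=oreject", "dmarc=pass action=none").replace(
    "compauth=fail reason=000", "compauth=pass reason=100")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, classify(raw), auth_results(message_from_string(raw)))
```

Messages classified as `internal-spoof-suspect` are the ones worth hunting for in junk folders and quarantine, since they claim an internal sender without passing authentication.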
To read the complete article, see: Proofpoint