Hackers Exploiting Microsoft 365’s “Direct Send” Feature to Bypass Security Filters

Cybercriminals are now leveraging Microsoft 365’s “Direct Send” feature to deliver phishing emails directly to users’ inboxes, bypassing standard email security protections. This feature, intended to allow devices like printers and scanners to send emails without authentication, is being exploited to make phishing emails appear more legitimate and originate from trusted domains.

The attackers are taking advantage of how Microsoft 365 processes unauthenticated messages. By sending emails from compromised or misconfigured mail servers via Direct Send, threat actors can slip past many email filtering systems that typically scan for sender authentication protocols like SPF, DKIM, or DMARC. These emails often include malicious links or attachments that can lead to credential theft or malware infections.

This vulnerability highlights a growing concern for businesses using cloud-based email services. Organizations are urged to review their mail flow configurations, disable unused features like Direct Send where possible, and implement more robust email security solutions that include behavioral analysis and threat intelligence to detect and block these emerging attack techniques.

As cyber criminals evolve, it is critical each business has modern protections in place to reduce your chances of being the cyber attack victim. If you are concerned about your security, we can help!

For more information about this cyber threat, check out this article from cybersecuritynews.com.