Cybercriminals have discovered a sophisticated new attack vector by exploiting Microsoft 365’s Direct Send feature to deliver phishing campaigns that masquerade as legitimate internal communications.
This emerging threat leverages a legitimate Microsoft service designed for multifunction printers and legacy applications, turning it into a weapon for social engineering attacks that bypass traditional email security controls.
The attack campaign represents a significant evolution in phishing tactics, as threat actors can now send malicious emails that appear to originate from within the target organization without requiring valid credentials or authentication.
More Info