Hackers Abuse Microsoft 365 Direct Send to Deliver Internal Phishing Emails
hackread.comA new Proofpoint report reveals how attackers are using Microsoft 365’s Direct Send and unsecured SMTP relays to send internal-looking phishing emails.
The latest research from cybersecurity firm Proofpoint reveals a clever phishing campaign that uses a legitimate Microsoft 365 feature to trick people into opening malicious emails. The attack, reportedly, sends messages that appear to be from inside a company, making them look highly trustworthy to employees.
Proofpoint researchers observed that attackers are taking advantage of a setting in Microsoft 365 called Direct Send. This feature is intended for things like office printers to send faxes and scans directly to an email inbox without a password. However, hackers are misusing it to send fake emails that seem to come from within an organization. This allows them to bypass many of the usual security checks.
How The Attack Works
The malicious campaign uses a sophisticated chain to deliver its ...
Copyright of this story solely belongs to hackread.com . To see the full text click HERE