Microsoft 365’s Direct Send: Phishers’ New Playground or Just a Bad Joke?

Hackers are turning Microsoft 365’s Direct Send feature into a phishing playground, sending fake internal emails that employees easily fall for. It’s like finding out your office printer has become a part-time con artist. Time to tighten those security settings before your inbox becomes a phishing festival!

3P
Published: August 4, 2025 7:29 pmAdded: August 4, 2025 at 12:42 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Microsoft 365’s Direct Send feature is like that one friend who always leaves the backdoor open and lets strangers into the party! Proofpoint’s latest revelation shows hackers are crashing the corporate email bash with ease, and it’s time for companies to step up their bouncer game.

Key Points:

  • Attackers are exploiting Microsoft 365’s Direct Send feature to send phishing emails that appear internal.
  • SMTP relays are being used to bypass security checks with unsecured communication ports.
  • The emails carry a business theme to lure users into clicking malicious links.
  • Some phishing emails are flagged but still end up in users’ junk folders.
  • Companies are advised to audit email systems and potentially disable Direct Send if unnecessary.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?