Microsoft 365 Tool Abused to Bypass Phishing Filters

Cybercriminals have found a new exploitation path by misusing the Microsoft 365 tool abused feature known as Direct Send. This feature, intended to help internal systems send emails through Microsoft’s infrastructure, is now being leveraged to distribute phishing messages that slip past conventional email security filters.

Security researchers have observed that attackers use Direct Send to make phishing emails appear more legitimate. Because the messages originate from Microsoft’s trusted servers, they often bypass defenses that would typically block suspicious traffic. This tactic increases the chances that victims will engage with malicious links or attachments.

The Microsoft 365 tool abused in this scheme allows threat actors to operate without deploying their own mail servers, reducing the risk of detection. As phishing campaigns grow more sophisticated, businesses face heightened challenges in protecting users from deceptive emails.

To learn more about how attackers are exploiting this feature, read the full article at the link below.
https://www.securityweek.com/microsoft-365-direct-send-abused-for-phishing/