Cybercriminals Exploit Microsoft 365 Direct Send for Phishing Attacks
Hacker attacks and Malware: the latest news in real time and in-depth analysisNewscurrent events and analysis Cyber security and privacytwo-factor authenticationDMARCHackerphishingsecurity awarenesssocial engineering
Cybercriminals have developed a new attack technique that exploits the Direct Send service of Microsoft 365 to send phishing messages to internal users of a company without compromising accounts. This method allows attackers to bypass traditional protections by using legitimate features of the service. The technical details and defensive measures are explained in the article.