How hackers exploit Direct Send in Microsoft 365 for phishing attacks

Discover how hackers are using Microsoft 365's Direct Send feature to launch phishing campaigns and what you can do to protect yourself.

As the digital world continues to change, so do the tactics employed by cybercriminals. One area that has recently raised eyebrows is the Direct Send feature in Microsoft 365, particularly for its unforeseen involvement in phishing schemes. This feature was originally designed to help on-premises printers and scanners send emails using an organization’s domain, but it’s now being exploited by hackers for malicious purposes. This shift has sparked serious security concerns for both businesses and everyday users.

What is Direct Send and how is it exploited?

So, what exactly is Direct Send? It’s a feature within Microsoft 365 that enables devices like printers and scanners to send emails directly through an organization’s email server. While this functionality offers great convenience, it has caught the attention of cybercriminals who see it as a potential weak link. Security analyses, including those from firms like Varonis, reveal that hackers have been using Direct Send to send out fraudulent emails that look like they come from legitimate sources. Often, these emails contain links to fake Microsoft forms designed to steal sensitive login information from unsuspecting victims.

Since this phishing tactic first appeared in May 2025, around 70 companies across the United States have reported being targeted. The deceptive nature of these emails, which appear credible due to their supposed origin, has made it increasingly challenging for users to spot the threat.

The importance of proper configuration and security measures

Microsoft emphasizes that while Direct Send is intended to be a secure feature, its effectiveness largely hinges on correct configuration by users. Unfortunately, many organizations neglect to properly secure their smart host settings, inadvertently leaving themselves open to exploitation. Microsoft cautions that Direct Send should only be used by advanced users who are capable of managing responsibilities similar to those of email server administrators.

To help counter these risks, Microsoft has rolled out a new setting in the Exchange Admin Center called “Reject Direct Send.” This feature aims to enhance security by allowing users to block unauthorized senders from utilizing Direct Send. Introduced in April 2025, this setting is an essential tool for organizations looking to strengthen their email security protocols.
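For triage alongside that setting, the following sketch is an added example, not code from Microsoft, Varonis, or the original article. It flags delivered messages that claim an internal From domain but were submitted anonymously and failed SPF or DMARC, while leaving a correctly configured scanner alone. The domain example.com, the sample messages, the function names, and the choice of signals are assumptions; the header names are the ones Exchange Online stamps on received mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the tenant's accepted domains; example.com is a placeholder.
ACCEPTED_DOMAINS = {"example.com"}
FAILING = {"fail", "softfail"}

def auth_verdicts(msg):
    """Extract spf/dkim/dmarc verdicts from the Authentication-Results header(s)."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {k: v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header)}

def flag_direct_send_spoof(raw):
    """Return failing auth verdicts for anonymous mail claiming an internal sender.

    An empty list means the message does not match this pattern.
    """
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in ACCEPTED_DOMAINS:
        return []  # not claiming to be internal; out of scope for this check
    auth_as = msg.get("X-MS-Exchange-Organization-AuthAs", "").strip().lower()
    if auth_as != "anonymous":
        return []  # submitted by an authenticated internal sender
    verdicts = auth_verdicts(msg)
    # A legitimate scanner is also anonymous, but its IP is covered by SPF.
    return [f"{m}={verdicts[m]}" for m in ("spf", "dmarc") if verdicts.get(m) in FAILING]

def sample(auth_as, results, sender="alice@example.com"):
    """Build a constructed message; addresses use documentation-only domains."""
    return (f"From: {sender}\nTo: bob@example.com\nSubject: constructed sample\n"
            f"X-MS-Exchange-Organization-AuthAs: {auth_as}\n"
            f"Authentication-Results: {results}\n\nbody\n")

# Constructed samples: spoofed internal sender, legitimate scanner, authenticated user.
SPOOF = sample("Anonymous", "spf=fail (sender IP is 203.0.113.7) "
               "smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com")
SCANNER = sample("Anonymous", "spf=pass (sender IP is 198.51.100.20) "
                 "smtp.mailfrom=example.com; dkim=none; dmarc=pass header.from=example.com",
                 sender="scanner@example.com")
INTERNAL = sample("Internal", "spf=none; dkim=none; dmarc=none")

if __name__ == "__main__":
    for name, raw in (("spoof", SPOOF), ("scanner", SCANNER), ("internal", INTERNAL)):
        print(name, flag_direct_send_spoof(raw))
```

A message flagged here is a lead for review, not a verdict; mail relayed through a third-party service that is missing from the SPF record produces the same signals.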

Staying informed and vigilant against phishing attacks

In a time when phishing attacks are becoming more sophisticated, it’s vital for users to stay alert. Organizations must educate their employees about the potential threats associated with features like Direct Send and implement rigorous security measures to mitigate risks. Regular training sessions focused on identifying phishing attempts and understanding the importance of protecting login credentials can significantly lower the chances of falling victim to these attacks.

Moreover, keeping up with the latest security developments and best practices from trusted sources will empower organizations to defend against evolving cyber threats. As the landscape of cybercrime continues to shift, taking proactive steps and making informed decisions will be crucial for maintaining the integrity of both personal and organizational data.

Written by AiAdhubMedia
