April 28, 2026
A recent campaign uncovered by Automates reveals how attackers are abusing Microsoft 365's Direct Send feature to deliver highly convincing phishing emails. By exploiting this functionality, threat actors can impersonate internal users without ever needing to compromise an account.
If your business relies on email, and every business does, you
need to understand a rapidly evolving and highly sophisticated threat that is
quietly bypassing traditional security defenses.
Modern phishing attacks are no longer obvious. They are no
longer riddled with spelling errors or suspicious links. Instead, they are
engineered to look like legitimate internal communications: emails that appear
to come from partners, staff, or trusted systems within your own organization.
Recent research from Microsoft and Automates reveals a
dangerous shift in attack strategies. Cybercriminals are now exploiting the way
email systems are configured rather than trying to break into them directly.
The Evolution of Phishing Attacks
Phishing has evolved dramatically over the past few years.
What once relied on deception alone now leverages deep technical knowledge of
email infrastructure.
Microsoft's 2026 security report highlights how attackers
are abusing complex routing and misconfigured email environments to spoof
domains and bypass traditional filtering mechanisms.
These emails often pass authentication checks and are
delivered directly into user inboxes without raising suspicion, as seen in the
picture below:
The Direct Send Exploit Explained
Automates' research adds another layer to this threat by
exposing how attackers can abuse Microsoft 365's Direct Send functionality.
Direct Send allows devices like printers and scanners to
send emails without authentication. While convenient, this feature can be
exploited by attackers to send emails that appear to originate from within your
organization.
Because these messages do not require login credentials,
attackers can impersonate internal users without ever breaching your network.
Why This Matters for SMBs
Businesses are uniquely vulnerable due to the sensitive
nature of their communications and the financial transactions they handle.
An email that appears to come from a trusted partner
requesting a wire transfer or sensitive document can easily lead to fraud or
data exposure.
These attacks exploit trust, urgency, and familiarity, making
them extremely effective.
The Role of Misconfiguration
The root cause of these vulnerabilities is often
misconfiguration. Organizations may have the right tools in place, but if they
are not configured correctly, they provide a false sense of security.
Improperly configured SPF, DKIM, and DMARC settings, along
with complex mail routing, create gaps that attackers can exploit.
How to Protect Your Organization
To defend against these threats, organizations must take a
proactive and comprehensive approach to email security.
This includes enforcing strict authentication protocols,
simplifying mail flow, disabling unnecessary features like Direct Send, and
implementing advanced monitoring solutions.
Regular audits and continuous monitoring are essential to
maintaining a secure environment.
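As an added example (not code from Automates or Microsoft), the monitoring step above can begin with a header triage that flags mail claiming an internal sender that was submitted without authentication. It assumes delivered messages carry the Exchange Online headers X-MS-Exchange-Organization-AuthAs and Authentication-Results, that example.com stands in for your accepted domain, and that the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: the tenant's accepted domains

def auth_results(msg):
    """Return the spf/dkim/dmarc verdicts stamped in Authentication-Results."""
    text = " ".join(msg.get_all("Authentication-Results", [])).lower()
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text))
    return {k: found.get(k, "missing") for k in ("spf", "dkim", "dmarc")}

def triage(raw):
    """Classify one raw message as 'ok', 'review' or 'suspect'."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        return "ok"        # does not claim to be one of our users
    auth_as = (msg.get("X-MS-Exchange-Organization-AuthAs") or "").strip().lower()
    if auth_as == "internal":
        return "ok"        # submitted by an authenticated mailbox or connector
    # Internal From address, but the submitting host never authenticated.
    if auth_results(msg)["dmarc"] == "pass":
        return "review"    # e.g. an authorised third-party sending service
    return "suspect"       # looks internal, unauthenticated, fails DMARC

def make(sender, auth_as, spf, dkim, dmarc):
    """Build a constructed sample message (not real traffic)."""
    return (
        f"From: {sender}\nTo: ap@example.com\nSubject: Invoice\n"
        f"X-MS-Exchange-Organization-AuthAs: {auth_as}\n"
        f"Authentication-Results: spf={spf} (sender IP is 203.0.113.7)\n"
        f" smtp.mailfrom=example.com; dkim={dkim}; dmarc={dmarc}\n"
        f" header.from=example.com\n\nPlease see attached.\n"
    )

SAMPLES = {
    "unauthenticated_internal_from": make("CFO <cfo@example.com>", "Anonymous", "fail", "none", "fail"),
    "authenticated_mailbox": make("cfo@example.com", "Internal", "pass", "pass", "pass"),
    "third_party_service": make("news@example.com", "Anonymous", "pass", "pass", "pass"),
    "external_partner": make("pat@example.net", "Anonymous", "pass", "pass", "pass"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:32} {triage(raw)}  {auth_results(message_from_string(raw))}")
```

A legitimate printer or scanner using Direct Send lands in the same "suspect" bucket as a spoofed message, which is why the feature is worth disabling where it is not needed.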
How Automates Helps
At Automates, we specialize in securing IT environments for
professional services organizations.
Our approach focuses on eliminating vulnerabilities at the
configuration level, ensuring that your systems are both secure and optimized.
We provide proactive monitoring, advanced cybersecurity
solutions, and compliance-driven strategies to protect your business from
evolving threats.
Conclusion
The most dangerous cyber threats today are the ones that
appear legitimate.
Without proper configuration and proactive management, your
organization remains vulnerable to these sophisticated attacks.
Taking action now can prevent costly breaches and protect
your firm's reputation.
Click here or give us a call at 619-349-5850 to schedule your free 15-Minute Discovery Call and make sure your business is protected from phishing attacks before they turn into real damage.
