Phishing scams are getting more and more sophisticated, and the latest one is straight out of a horror movie. The Direct Send phishing scam makes it very hard to tell whether an email is legitimate, which puts your organization's security at risk.
In the Direct Send phishing scam, hackers exploit Microsoft 365's Direct Send feature so that an email appears to come from within your company or organization. Under close, expert inspection, one can determine it is a scam, but it isn't easy.
Emails built this way look legitimate and trustworthy. That means people are more likely to open them, because they arrive in the inbox, not the junk folder.
The scam is very effective: the message can look like a task reminder or another legitimate-looking email from your company or organization.
So, what does this Direct Send phishing scam mean? It means companies and organizations need to take a closer look at email security – specifically authentication and relay configurations.
Direct Send lets devices and apps send messages to users without authentication, provided the recipients are inside the organization. That lack of authentication is exactly what hackers exploit: they can send these phishing messages without a valid account or password.
And that means their success rate is higher, which is bad for security.
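The check below is an added example, not code from the original post: it flags a message that claims an internal sender and an internal recipient, the pattern Direct Send abuse produces, but whose Authentication-Results header does not show a DMARC pass. The sample messages, example.com and the function names are constructed for illustration, and it assumes your mail system stamps that header and your domain publishes DMARC.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); example.com stands in for
# the organization's own domain.
SPOOFED = """\
From: IT Helpdesk <helpdesk@example.com>
To: alice@example.com
Subject: Task reminder
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;
 dkim=none; dmarc=fail header.from=example.com

Please review the attached task.
"""

GENUINE = """\
From: Bob <bob@example.com>
To: alice@example.com
Subject: Lunch
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com

See you at noon.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg):
    """Collect the first spf/dkim/dmarc verdict from Authentication-Results."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def looks_like_internal_spoof(raw, org_domain):
    """True when mail claims an internal sender but DMARC did not pass."""
    msg = message_from_string(raw)
    if domain_of(msg["From"]) != org_domain or domain_of(msg["To"]) != org_domain:
        return False  # not internal-to-internal, out of scope for this check
    # Assumption: a missing verdict counts as a failure to authenticate.
    return auth_verdicts(msg).get("dmarc") != "pass"

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, looks_like_internal_spoof(raw, "example.com"))
```

Trust only an Authentication-Results header added by your own receiving mail system, since one already present on inbound mail can be forged by the sender.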
This isn’t just a flaw or blip – it is a real threat and should be taken seriously, as it can impact an organization or company quickly.
If you can’t trust an internal email, that’s a big issue. It can impact productivity, security and the trust your customers place in you.
It’s up to IT professionals and business owners to take this seriously and work to mitigate this risk by reviewing their policies and security.
In our next blog, we discuss what your business or organization can do to mitigate the risk and maintain security against Direct Send phishing scams.
AccuNet Inc.