It seems like there are new phishing scams popping up all the time – and there are. The latest exploitation of Microsoft 365’s Direct Send feature is particularly gnarly.
In the Direct Send phishing scam, bad actors exploit the part of Direct Send that lets devices and apps send messages to users without authentication, so the message looks like it comes from a legitimate in-house user. In fact, it’s a sophisticated phishing scam and can be devastating to your business.
Because these scam emails look trustworthy, they are devastatingly successful at tricking humans.
But there are things your business can do about this Direct Send exploitation. You don’t have to sit back and let hackers put your company’s cyber security at risk.
Here are some tips and tricks for keeping your business safe from this phishing scam.
- Check to see if your business uses Direct Send. If it does, make sure to enable the Reject Direct Send feature.
- Audit mail flow rules for accepted unauthenticated relay IPs, and monitor message headers for spoofing attempts that are flagged by Microsoft.
- Enforce email authentication (SPF, DKIM, DMARC) with strict DMARC reject and SPF hard fail policies where possible. Partnering with a trusted service like Proofpoint Email Fraud Defense helps ensure deliverability of legitimate email.
- Upgrade your email security solution to something more advanced, such as Proofpoint Core Email Protection, to bolster Microsoft’s native protections.
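For the header-monitoring tip above, here is an added example (not from the original article) that triages exported messages by reading the verdicts Microsoft 365 stamps in `Authentication-Results` and the `X-MS-Exchange-Organization-AuthAs` header. The domain `example.com`, the sample headers and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: replace with your accepted domains

# Constructed sample headers (not real mail); 203.0.113.7 is a documentation IP.
SPOOFED = """\
Authentication-Results: spf=softfail (sender IP is 203.0.113.7)
 smtp.mailfrom=example.com; dkim=none (message not signed) header.d=none;
 dmarc=fail action=oreject header.from=example.com; compauth=fail reason=000
X-MS-Exchange-Organization-AuthAs: Anonymous
From: Alice <alice@example.com>
To: Alice <alice@example.com>

"""
INTERNAL_OK = """\
Authentication-Results: spf=pass smtp.mailfrom=example.com; dkim=pass
 header.d=example.com; dmarc=pass header.from=example.com; compauth=pass reason=100
X-MS-Exchange-Organization-AuthAs: Internal
From: Bob <bob@example.com>
To: Alice <alice@example.com>

"""

def auth_verdicts(msg):
    """Map spf/dkim/dmarc/compauth to their verdicts from Authentication-Results."""
    value = " ".join(msg.get_all("Authentication-Results", []))
    pairs = re.findall(r"\b(spf|dkim|dmarc|compauth)=(\w+)", value, re.I)
    return {k.lower(): v.lower() for k, v in pairs}

def triage(raw):
    """Return the reasons a message claiming an internal sender looks spoofed."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in INTERNAL_DOMAINS:
        return []  # only mail that claims to be in-house is in scope here
    v, reasons = auth_verdicts(msg), []
    if msg.get("X-MS-Exchange-Organization-AuthAs", "").strip().lower() == "anonymous":
        reasons.append("internal From on an unauthenticated submission")
    if v.get("spf") in {"fail", "softfail"}:
        reasons.append("spf=" + v["spf"])
    for check in ("dmarc", "compauth"):
        if v.get(check) == "fail":
            reasons.append(check + "=fail")
    return reasons
```

An empty list from `triage()` means none of these signals fired; it does not mean the message is safe.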
No one wants an IT disaster, and you don’t have to sit idly by as hackers attempt to breach your business’s cybersecurity.
AccuNet Inc.