Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
✦ NabkaNews BriefAuto-summarized from multiple outlets · verify with the source
Microsoft has warned that misconfigured email routing can enable internal domain phishing attacks. There are reports of phishing actors exploiting these misconfigurations to spoof domains, with some outlets noting a surge in such attacks. The issue appears to affect Microsoft 365 and Exchange, with a specific feature called "Direct Send" being abused to send phishing emails that appear to come from internal users.
Full coverage
12345678