![How to Build an AI Assistant with Keith Moehring [MAICON 2025 Speaker Series]](https://www.marketingaiinstitute.com/hubfs/MAICON-Speaker_Series%20%281%29.png)
![[The AI Show Episode 156]: AI Answers - Data Privacy, AI Roadmaps, Regulated Industries, Selling AI to the C-Suite & Change Management](https://www.marketingaiinstitute.com/hubfs/ep%20156%20cover.png)
![[The AI Show Episode 155]: The New Jobs AI Will Create, Amazon CEO: AI Will Cut Jobs, Your Brain on ChatGPT, Possible OpenAI-Microsoft Breakup & Veo 3 IP Issues](https://www.marketingaiinstitute.com/hubfs/ep%20155%20cover.png)
![Rust VS Go VS TypeScript – which back end language is for you? With Tai Groot [Podcast #176]](https://cdn.hashnode.com/res/hashnode/image/upload/v1750974265013/73f79068-0087-4c39-8a8b-feea8cac873b.png?#)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
Warning! This Microsoft 365 feature can be used to steal your passwords
BleepingComputer reports that hackers have become aware of Direct Send, a relatively unknown feature in Microsoft 365 that’s primarily intended for use by on-premises printers and scanners that need to send emails as if they were sent from the organization’s domain. According to security firm Varonis, hackers are using the Direct Send feature to send malicious emails that appear to come from a known sender. The emails contain a link to a fake Microsoft form, and when the recipient enters their login details, those details are intercepted. Since May 2025, around 70 companies and organizations have been affected by the phishing campaign, mainly in the US. According to Microsoft, Direct Send is a secure feature but it requires users to configure the right settings and properly lock down their smart host, which doesn’t always happen. “We recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins,” explains Microsoft. To minimize the security risks involved, concerned users are encouraged to turn on the new “Reject Direct Send” setting in the Exchange Admin Center, which was introduced in April 2025. Further reading: You need to know about these common phishing scams that too many people fall for
BleepingComputer reports that hackers have become aware of Direct Send, a relatively unknown feature in Microsoft 365 that’s primarily intended for use by on-premises printers and scanners that need to send emails as if they were sent from the organization’s domain.
According to security firm Varonis, hackers are using the Direct Send feature to send malicious emails that appear to come from a known sender. The emails contain a link to a fake Microsoft form, and when the recipient enters their login details, those details are intercepted.
Since May 2025, around 70 companies and organizations have been affected by the phishing campaign, mainly in the US.
According to Microsoft, Direct Send is a secure feature but it requires users to configure the right settings and properly lock down their smart host, which doesn’t always happen. “We recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins,” explains Microsoft.
To minimize the security risks involved, concerned users are encouraged to turn on the new “Reject Direct Send” setting in the Exchange Admin Center, which was introduced in April 2025.
Further reading: You need to know about these common phishing scams that too many people fall for
