TL;DR: Attackers are abusing Microsoft Direct Send to bypass secure email gateways and deliver QR code and CAPTCHA-hidden payloads directly to inboxes without stolen credentials, according to Abnormal AI. The pattern shows that trusted infrastructure can become a delivery path that legacy email defenses do not reliably inspect.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Attackers attempt access within an average of 17 minutes when AWS credentials are exposed publicly, and as quickly as 9 minutes in some cases.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
Questions worth separating out
Q: How should security teams handle phishing that arrives through trusted email infrastructure?
A: Treat trusted infrastructure as a delivery path, not a guarantee of legitimacy.
Q: Why do secure email gateways miss some Direct Send abuse campaigns?
A: Secure email gateways often focus on known-bad senders, suspicious links, and obvious payload markers. A message that arrives over a Microsoft-hosted delivery path with its payload hidden behind a QR code or a CAPTCHA page presents none of those markers, so it can pass inspection that only looks at sender reputation and visible content.
Practitioner guidance
- Validate trusted-path inspection coverage: test whether messages delivered through Microsoft Direct Send receive the same inspection depth as externally sourced email, including attachment, link, and rendering analysis.
- Harden detection for visual payload hiding: add controls that analyse QR codes, CAPTCHA-style overlays, and image-based lures after rendering, not only before delivery.
- Review reliance on sender trust signals: reduce dependence on sender reputation alone by correlating delivery path, domain similarity, and user interaction patterns.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Real attack walkthroughs showing how Microsoft Direct Send was abused in practice.
- Demonstrations of QR code and CAPTCHA-based concealment techniques used to hide malicious payloads.
- Examples of how behavioural AI detects message patterns that traditional secure email gateways miss.
- Auto-remediation workflow details for direct-send abuse cases and inbox-level containment.
👉 Read Abnormal AI's webinar on Microsoft Direct Send abuse and inbox evasion →
Microsoft Direct Send abuse: are your email controls keeping up?
Explore further
Trusted infrastructure is not a trust guarantee. Direct Send abuse shows that organisations often treat Microsoft-hosted delivery paths as implicitly safer than external mail. That assumption breaks when the attacker uses the trusted transport itself as the attack vehicle, because sender trust and content trust are no longer aligned. The implication is that email governance must separate infrastructure trust from message trust.
A question worth separating out:
Q: Who is accountable when trusted email infrastructure is abused for phishing?
A: Accountability is shared across email security, identity, and platform governance. The team that owns the trusted delivery path must prove that its controls do not create an inspection blind spot, while the identity function should validate whether trust signals are being overused. Frameworks such as NIST CSF help map those responsibilities clearly.
👉 Read our full editorial: Microsoft Direct Send abuse exposes the limits of trusted email