Phishing emails are nothing new, but attackers have found a fresh way to trick people — by making their emails look like they’re coming from inside your own company. This method takes advantage of a Microsoft feature called Direct Send, which was designed for things like printers and scanners that need to email documents without logging in. Unfortunately, hackers are abusing it to send phishing emails that appear “internal.”
Why does this matter for small businesses? Because most of us are conditioned to trust emails from coworkers. When something looks like it came from inside, we’re more likely to click a link or open an attachment without a second thought.
Three Lessons Your Business Can Learn
- Don’t assume internal means safe.
Even if an email looks like it came from a colleague, pause and think before acting. Double-check unexpected requests by phone or chat instead of relying on the email alone.
- Convenience often comes with risk.
Features that make technology easier (like letting devices send mail without a password) can sometimes create openings for attackers. It’s a reminder that “set it and forget it” isn’t a safe approach with technology.
- Verification is key.
Strong checks — whether technical ones like email authentication or human ones like calling to confirm a request — make it harder for attackers to slip through. A quick moment of verification can prevent major headaches later.
Cybersecurity threats are always evolving, but the principles of awareness and cautious action stay the same. By keeping these lessons in mind, you can reduce the chance of falling victim to the latest tricks.
