Back in Part 1, we walked through how attackers are using Microsoft 365’s Direct Send feature to spoof internal emails, making those messages look like they’re coming from a trusted domain.

In previous versions of Microsoft Outlook (the classic app), you could view the HTML code of an email by opening the email, right-clicking on it, and selecting “View source” from the context menu.