Security News > 2020 > June > Phishing attack impersonates IT staff to target VPN users
2020-06-03 19:37
A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security.
Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phony websites, and phishing emails.
The body of the email itself is brief with simply a notice and link for new VPN home configuration access.
The attack plays on the need for a VPN while working from home.
In all cases the same payload link was used, a tipoff that a single attacker controls the phishing site.
News URL
Related news
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)