Security News > 2020 > June > Phishing attack impersonates IT staff to target VPN users
2020-06-03 19:37
A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security.
Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phony websites, and phishing emails.
The body of the email itself is brief with simply a notice and link for new VPN home configuration access.
The attack plays on the need for a VPN while working from home.
In all cases the same payload link was used, a tipoff that a single attacker controls the phishing site.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)