Security News > 2020 > June > Phishing attack impersonates IT staff to target VPN users
2020-06-03 19:37
A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security.
Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phony websites, and phishing emails.
The body of the email itself is brief with simply a notice and link for new VPN home configuration access.
The attack plays on the need for a VPN while working from home.
In all cases the same payload link was used, a tipoff that a single attacker controls the phishing site.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- SonicWall SMA VPN devices targeted in attacks since January (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- SonicWall warns of more VPN flaws exploited in attacks (source)
- Low-tech phishing attacks are gaining ground (source)