Office 365 users: Beware of fake company emails delivering a new VPN configuration
2020-06-04 08:32

Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials.

"The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.

The original email headers show that the email was not sent from the recipients' organization; the sender address was spoofed to make it appear that it was.

The phishing Office 365 login page is hosted on a Microsoft.

"Numerous versions of this attack have been seen across different clients, from different sender emails and originating from different IP addresses. However, the same payload link was employed by all of these attacks, implying that these were sent by a single attacker that controls the phishing website," the researchers noted.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/sMEulM1sup8/