‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Nearly one-third of users utilize a VPN to access work-related sites and services. From a cybercriminal’s perspective, that’s a significant chunk of people they can target. The shift to remote working due to COVID-19 has caused may organizations to see the VPN as a part of work connectivity, making it a part of their user’s everyday vernacular.

So, when scammers want to come up with a viable reason for needing the user to read their phishing email, it makes sense to use the VPN as the excuse. A new phishing campaign has been spotted in the wild touting the need for users to update their VPN configuration:

While this is a poorly worded and presented phishing scam, it represents a significant risk to organizations: users that are aware of their VPN but know little about it certainly don’t want to pass on a needed update, right?

This scam takes the victim to an impersonated Microsoft 365 login page to steal presented credentials.

There are a few ways to keeps scams like this from succeeding:

• Put Microsoft 365 multi-factor authentication in place – this will keep most scammers from being able to use the stolen credentials. But, even this security measure has been overcome.
• Teach users not to fall for this – take a good look at the email image above. The from address doesn’t use the organization’s domain, it has terrible grammar, and specifically requires the user to “login with your email and password” (which makes no sense). Any user that has undergone Security Awareness Training would see right through this kind of scam, pressing the delete key the moment they realize it’s a bogus email.

There will always be the “next” scam that tries to convince your users that they need to log into Microsoft 365. Make sure they’re prepared

---

SOURCE: KnowBe4