‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.

Nearly one-third of users utilize a VPN to access work-related sites and services. From a cybercriminal’s perspective, that’s a significant chunk of people they can target. The shift to remote working due to COVID-19 has caused may organizations to see the VPN as a part of work connectivity, making it a part of their user’s everyday vernacular.

So, when scammers want to come up with a viable reason for needing the user to read their phishing email, it makes sense to use the VPN as the excuse. A new phishing campaign has been spotted in the wild touting the need for users to update their VPN configuration:

While this is a poorly worded and presented phishing scam, it represents a significant risk to organizations: users that are aware of their VPN but know little about it certainly don’t want to pass on a needed update, right?

This scam takes the victim to an impersonated Microsoft 365 login page to steal presented credentials.

There are a few ways to keeps scams like this from succeeding:

There will always be the “next” scam that tries to convince your users that they need to log into Microsoft 365. Make sure they’re prepared


SOURCE: KnowBe4

Principal Owner, Marketing Firm

Bringing IT360 on as our technology services “department” was one of the smartest business decisions we’ve made. Over the years, we’ve tried various similar services and have also hired internal IT staff, and we’ve never felt confident that we were adequately supported. IT360 has changed all that. They not only provide proactive, comprehensive technical support and consulting, they engage with us in a way that feels like they are part of our company…a true business partner.

Principal Owner, Marketing Firm

Recent
Technology News

IT360 News
Vaccine Research Companies are the Target of New Ransomware Attacks

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns financial organizations to be aware of campaigns actively targeting vaccine companies If you’re a ransomware gang and you want to maximize your ransom, who do you attack? An organization working feverishly to potentially make billions of dollars via a desperately needed vaccine, of course! Take […]

Read more
IT360 News
[HEADS UP] Allowing Site Notifications Can be Very Costly

Krebs on Security reported that there have been an increasing number of websites asking visitors to approve ‘notifications’. In most cases these notifications are not malicious, but several firms are paying site owners to install notification scripts to sell to scammers. Normally, a website will ask permission to send notifications (as long as you approve […]

Read more