Fake VPN messages used to lure Office 365 phishing victims

A new phishing campaign is targeting Office 365 customers by impersonating their organizations in messages telling them they need to update ...

A new phishing campaign is targeting Office 365 customers by impersonating their organizations in messages telling them they need to update their VPN configuration while working remotely.

The phishing emails used in the campaign are made to look as if they come from an organization's IT support department in an effort to lure employees into opening them. According to the email security firm Abnormal Security, so far 15,000 targets have received these convincing phishing emails.

VPN usage has soared with more employees working from home than ever before as a result of the pandemic which is why this and other recent phishing campaigns have been so effective. Employees rely on VPNs as a means to connect to their company servers and access sensitive data while working remotely.

Office 365 credentials

The attackers behind this campaign have gone to great lengths to make not only their phishing emails but also their phishing landing pages more convincing.

For starters, the attackers are spoofing the sender email address in their phishing emails to match the domain of targets' organizations. The VPN configs sent in these emails actually take users to a phishing landing page that accurately impersonates Microsoft's Office 365 login page. This fake login page is also hosted on a domain owned by Microsoft.

By abusing the Azure Blob Storage platform, the attackers have made it so their landing page has a valid Microsoft certificate that displays the secure padlock since they are using a web.core.windows.net wildcard SSL certificate. Most users would see that the certificate was issued by Microsoft and not even think twice about entering their Office 365 credentials.

In a blog post, Abnormal Security warned that this campaign is widespread and that numerous versions of this attack have been spotted in the wild, saying:

“Numerous versions of this attack have been seen across different clients, from different sender emails and originating from different IP addresses. However, the same payload link was employed by all of these attacks, implying that these were sent by a single attacker that controls the phishing website.”

To avoid falling victim this campaign, users should only enter their Office 365 credentials on official login pages hosted by Microsoft on its microsoft.com, live.com or outlook.com domains.

  • Also check out our complete list of the best VPN services

Via BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/2Y54J7I
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Fake VPN messages used to lure Office 365 phishing victims
Fake VPN messages used to lure Office 365 phishing victims
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/06/fake-vpn-messages-used-to-lure-office.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/06/fake-vpn-messages-used-to-lure-office.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy