INSUBCONTINENT EXCLUSIVE:
A new phishing campaign is targeting Office 365 customers by impersonating their organizations in messages telling them they need to update
their VPN configuration while working remotely.The phishing emails used in the campaign are made to look as if they come from an
organization's IT support department in an effort to lure employees into opening them
According to the email security firm Abnormal Security, so far 15,000 targets have received these convincing phishing emails.VPN usage has
soared with more employees working from home than ever before as a result of the pandemic which is why this and other recent phishing
campaigns have been so effective
Employees rely on VPNs as a means to connect to their company servers and access sensitive data while working remotely.The attackers behind
this campaign have gone to great lengths to make not only their phishing emails but also their phishing landing pages more convincing.For
starters, the attackers are spoofing the sender email address in their phishing emails to match the domain of targets' organizations
The VPN configs sent in these emails actually take users to a phishing landing page that accurately impersonates Microsoft's Office 365
This fake login page is also hosted on a domain owned by Microsoft.By abusing the Azure Blob Storage platform, the attackers have made it so
their landing page has a valid Microsoft certificate that displays the secure padlock since they are using a web.core.windows.net wildcard
Most users would see that the certificate was issued by Microsoft and not even think twice about entering their Office 365 credentials.In a
blog post, Abnormal Security warned that this campaign is widespread and that numerous versions of this attack have been spotted in the
However, the same payload link was employed by all of these attacks, implying that these were sent by a single attacker that controls the
by Microsoft on its microsoft.com, live.com or outlook.com domains.Also check out our complete list of the best VPN servicesVia
