Remote workers are being warned of a phishing scam claiming to be from their employer’s IT support department. The phishing campaign advises the recipient that they require new VPN configuration details to access company assets while working from home.
Criminals have quickly seized the opportunity to exploit the current COVID-19 crisis in any way possible, from malicious apps to smishing scams and phishing campaigns. As workforces continue to work from home for the foreseeable future, fraudsters have shifted their focus to target remote workers with a VPN configuration scam.
The phishing email claims to be from IT support at the recipient’s organisation. The body of the email includes a notice and link for new VPN home configuration access.
To add credibility, the phishing scam uses a spoof email to impersonate the domain of the recipient’s organisation. Spoofing the sender of an email is a common tactic by many cybercriminals to make it look like a phishing scam has come from a legitimate source.
The link directs users to a landing page that mirrors a Microsoft 365 login page and instructs the recipient to enter their login credentials. Instead, the user is directed to a phishing landing site designed to steal their Office 365 credentials. To add further authority, the page uses a valid Microsoft certificate and is hosted on a Microsoft.NET platform, making it difficult to detect the phishing attempt.
More so, the email does not include a URL address but masks the malicious URL by embedding hyperlinked text within the email. By hiding the actual URL, the attackers aim to trick users into believing that this is a legitimate Microsoft Office login page.
This particular VPN configuration scam could have a high rate of success in tricking potential victims since many recipients may log into their Office 365 accounts to avoid losing remote access to company servers and resources. This is a common characteristic of phishing campaigns that prey on a victims’ sense of urgency, in order to trigger the recipient to take action immediately.
With this attack, users who mistakenly enter their credentials not only expose their Microsoft account but any other accounts that use those credentials as a single sign-on.
According to the latest figures from researchers at email security company Abnormal Security, it is believed that this VPN Configuration Scam landed in the inboxes of up to 15,000 targets so far.
How to Prevent Phishing Scams
- Never click on links or download attachments without confirming the source.
- Double-check the senders and addresses for messages to ensure they’re coming from legitimate sources.
- Always double check the webpage’s URL before signing in and never log into sites through following a link in an email.
- Install the latest anti-virus software solutions on all your devices.
- Regularly back up your data.
- Avoid clicking on links or opening attachments within unexpected or suspicious emails.
- Only download attachments from sources you can trust.
- Always take time to think about a request for your personal information, and whether the request is appropriate.
- Pay close attention to the spelling of an email or web page. If there are any inconsistencies, users should be cautious.
- Ignore and delete emails with unexpectedly poor grammar and formatting.
- Question the validity of any email that asks you to submit personal or financial information.
- Use strong passwords to reduce the chance of devices being hacked.
- Consider the use of a password manager to maintain the security of multiple accounts.
Create a More Security Conscious Workforce
Cyber Security Awareness for Dummies acts as an indispensable resource for implementing behavioural change and creating a culture of cyber awareness.
In this guide, you will learn:
- What Cyber Security awareness means for your organisation
- How to implement a cyber risk awareness campaign
- The critical role of policies to establish safe baselines
- How to maintain momentum and staff engagement
- 10 Cyber Security awareness best practices