Office 365 phishing baits remote workers with fake VPN configs

silversurfer

Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home.

The phishing emails impersonating VPN configuration update requests sent by their company's IT support department have so far landed in the inboxes of up to 15,000 targets, according to stats from researchers at email security company Abnormal Security.

These phishing messages are a lot more dangerous because of the huge influx of employees working remotely and using VPNs to connect to company resources from home for sharing documents with their colleagues and accessing their orgs' servers.

The attackers are spoofing the sender email address in the phishing emails to match the domains of their targets' organizations and embedding hyperlinks that, instead of directing the recipients to new VPN configs, send them to phishing landing sites designed to steal their Office 365 credentials.

"Numerous versions of this attack have been seen across different clients, from different sender emails and originating from different IP addresses," Abnormal Security explains.
"However, the same payload link was employed by all of these attacks, implying that these were sent by a single attacker that controls the phishing website."
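
A defender-side sketch of the two signals the report describes: mail whose From address claims the organization's own domain without passing DMARC, and one external link arriving from several senders and source IPs. This is an added example, not code from the article or from Abnormal Security; `ORG_DOMAIN`, the function names and the sample messages are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "example.com"  # assumption: the organization being impersonated

def _msg(sender, ip, auth, url):
    # Build one constructed RFC 5322 message for the sample set.
    return (f"From: IT Support <{sender}>\n"
            f"Received: from relay.test ([{ip}])\n"
            f"Authentication-Results: mx.{ORG_DOMAIN}; {auth}\n"
            "Subject: VPN configuration update\n\n"
            f"Apply the new VPN config: {url}\n")

SAMPLES = [  # constructed sample data, not real traffic
    _msg("it-support@example.com", "192.0.2.10", "spf=fail; dmarc=fail",
         "https://portal.phish.test/o365"),
    _msg("helpdesk@example.com", "198.51.100.7", "spf=softfail; dmarc=fail",
         "https://portal.phish.test/o365"),
    _msg("it-support@example.com", "203.0.113.5", "spf=pass; dmarc=pass",
         "https://vpn.example.com/config"),
    _msg("news@vendor.test", "203.0.113.9", "spf=pass; dmarc=pass",
         "https://vendor.test/blog"),
]

def is_internal(host, org=ORG_DOMAIN):
    return host == org or host.endswith("." + org)

def find_shared_payloads(raw_messages, org=ORG_DOMAIN):
    """Map external URL -> set of (sender, source IP) for spoofed internal mail."""
    seen = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        # Only trust an Authentication-Results header stamped by your own MTA.
        auth = msg.get("Authentication-Results", "").lower()
        # Spoofing signal: From claims our domain but DMARC did not pass.
        if not is_internal(sender.rpartition("@")[2], org) or "dmarc=pass" in auth:
            continue
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
        for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
            if not is_internal((urlsplit(url).hostname or "").lower(), org):
                seen[url].add((sender, ip.group(1) if ip else "unknown"))
    # Campaign signal: same link delivered from more than one sender/IP pair.
    return {u: s for u, s in seen.items() if len(s) > 1}
```

Running `find_shared_payloads(SAMPLES)` returns the single external link together with the two sender and IP pairs that delivered it; the authenticated internal message and the unrelated vendor mail are ignored.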
 
