HelpNetSecurity.com reported that "Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials." The June 4, 2020 report entitled "Office 365 users: Beware of fake company emails delivering a new VPN configuration" included these comments:
The phishers are betting on the high possibility that the recipients are working from home and need to use VPN for work-related tasks.
They hope the targets will be concerned about the possibility of losing access to company resources and that that concern will override their good sense and anti-phishing training.
The original email headers show that the email has not been sent from the recipients' organization, but the sender email has been spoofed to say it has.
The phishing Office 365 login page is hosted on a Microsoft .NET platform, with a valid Microsoft certificate, which might be enough to fool some targets.
Phishing is not slowing down during Covid-19, so please be careful!
Originally published 05 June 2020
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.