Phishing attack impersonates IT staff to target VPN users

published 03.06.2020 22:37

Image of article 'Phishing attack impersonates IT staff to target VPN users'

To protect your organization against these types of phishing attacks, Ken Liao, vice president of cybersecurity strategy for Abnormal Security, offers the following tips: Double-check the senders and addresses for messages to ensure they're coming from legitimate sources.

SEE: Cybersecurity: Let's get tactical (free PDF) (TechRepublic) Abnormal Security said it spotted several versions of this attack across multiple clients from different sender addresses and from different IP addresses.

Abnormal Security Clicking on the link directs the user to a landing page that looks identical to a Microsoft 365 login page.

In a blog post published Wednesday, Abnormal Security describes a new phishing campaign that exploits the need for VPNs.

A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security.