There have been reports of a phishing attack impersonating IT staff that aims to target VPN users. The email appears to send the user to a VPN configuration page for home access in an attempt to steal their data.
As the majority of the world began to work from home due to the COVID-19 Pandemic, organisations turned to VPNs to safely connect their users to company servers to share data, making VPNs a perfect choice for cybercriminals to use as a topic in their phishing emails.
According to Abnormal Security, the attack impersonates a notification email from your IT support team, complete with a spoofed sender address that uses your organisation's domain. The email includes a link labelled 'New VPN configuration home access', instructs you to log in with your email and password, and is signed off by "IT Support". If you click the link, you are redirected to an Office 365 credential phishing website.
The landing page is hosted on a Microsoft .NET platform and looks identical to the O365 login website, making it difficult for users to realise they're being scammed. The phishing email includes a link that references the targeted organisation's name, which is used to gain the trust of the recipient and get them to lower their guard.
This type of attack is a simple way for cybercriminals to harvest a user's credentials and use them to gather data and gain access to your organisation. Abnormal Security state that they have seen several versions of this attack across multiple clients, sent from different senders and IP addresses; however, the same payload link was used in each, which indicates that a single attacker controls the phishing landing page.
What can you do?
Phishing attacks are a popular choice for cybercriminals to use, as they expect you to trust every email you receive and not inspect them.
Double-Check the Sender
If you receive an unexpected email, make sure you double-check the sender's email address. You can do this by hovering over the 'From/Sender' field, or by clicking on it, to reveal the real email address it was sent from, not just the display name.
If you've ever had to add a hyperlink to a document or email, you will know that any word can be turned into a hyperlink. Even if you've copied and pasted a URL such as 'www.google.co.uk' into an email, the link's destination can be edited afterwards, so the text you see need not match the address it points to. Therefore, check hyperlinks before clicking on them: hover over them in the email to reveal the real destination, and if you did click the link, check the address bar and do not enter your credentials if the website or URL looks suspicious.
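The two checks above (display name versus real sender address, and link text versus link target) can also be automated as a mail-filter rule, which helps when the sender address and link both reference your organisation's name, as in the campaign described at the top of this post. The following is an added example written for this article, not code from Abnormal Security or any mail product; the organisation domain, the sender address and the message body are constructed placeholders.

```python
"""Flag two phishing tells in an email: a sender address outside the
organisation's domain, and hyperlinks whose visible text or target disagree.
Added example for this article; ORG_DOMAIN and the sample message are
constructed placeholders, not the real campaign's values."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.org"  # assumed: the organisation's own mail/web domain


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased hostname of a URL; bare text like 'www.foo.com' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _same_org(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def check_sender(from_header):
    """Return a finding when the real address (not the display name) is
    outside the organisation's domain, else None."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if not _same_org(domain):
        return f"sender '{name}' <{addr}> is outside {ORG_DOMAIN}"
    return None


def check_links(html):
    """Return findings for links whose visible text names one host but whose
    href points at another, or whose target is outside the organisation."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = _host(href)
        looks_like_url = "." in text and " " not in text
        if looks_like_url and _host(text) != target:
            findings.append(f"link text '{text}' hides target {target}")
        elif not _same_org(target):
            findings.append(f"link '{text}' goes to external host {target}")
    return findings


def analyse(raw_email):
    """Run both checks over a single-part HTML message and return all findings."""
    msg = message_from_string(raw_email)
    findings = []
    sender_finding = check_sender(msg.get("From", ""))
    if sender_finding:
        findings.append(sender_finding)
    body = msg.get_payload(decode=True).decode()
    findings.extend(check_links(body))
    return findings


# Constructed sample modelled on the pattern described in the article (an
# "IT Support" notice with a VPN configuration link); all domains are placeholders.
SAMPLE = """From: IT Support <it-support@example-org-mail.net>
To: user@example.org
Subject: New VPN configuration home access
Content-Type: text/html

<p>Please review the <a href="http://login-portal.invalid/example.org/auth">
New VPN configuration home access</a> and log in with your email and password.</p>
<p><a href="http://login-portal.invalid/">https://vpn.example.org</a></p>
<p>IT Support</p>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print("WARNING:", finding)
```

Run against the constructed sample, this reports three findings: the sender domain, the branded link that leaves the organisation, and the link whose visible URL differs from its real target. The "looks like a URL" heuristic is deliberately simple; a production filter would also resolve redirectors and compare the registrable domain rather than the full hostname.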
If in doubt, contact your IT department
If you've received an email and you're unsure whether it's safe to download attachments or click on links, get in touch with your IT support team. It's better to be cautious than overly trusting, as one click can lead to malicious downloads and malware.
Our blog on phishing emails contains examples (with images) of what you should look out for and the warning signs of phishing emails, including those that are highly targeted and personalised.
If you haven't set this up already, you should invest in Email Protection. Security risks to your emails are constantly evolving, which is why you need to have email protection software that'll defend against both known and new threats.
If you'd like to discuss how you can protect your organisation and your users from phishing attacks, please get in touch and we'd be happy to help.
We can provide training for your users as well as security solutions to help safeguard your data from cybercriminals.