‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials



email trick microsoft 365Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.

Nearly one-third of users utilize a VPN to access work-related sites and services. From a cybercriminal’s perspective, that’s a significant chunk of people they can target. The shift to remote working due to COVID-19 has caused may organizations to see the VPN as a part of work connectivity, making it a part of their user’s everyday vernacular.

So, when scammers want to come up with a viable reason for needing the user to read their phishing email, it makes sense to use the VPN as the excuse. A new phishing campaign has been spotted in the wild touting the need for users to update their VPN configuration:

0365-phish-vpn-conf

While this is a poorly worded and presented phishing scam, it represents a significant risk to organizations: users that are aware of their VPN but know little about it certainly don’t want to pass on a needed update, right?

This scam takes the victim to an impersonated Microsoft 365 login page to steal presented credentials.

There are a few ways to keeps scams like this from succeeding:

  • Put Microsoft 365 multi-factor authentication in place – this will keep most scammers from being able to use the stolen credentials. But, even this security measure has been overcome.
  • Teach users not to fall for this – take a good look at the email image above. The from address doesn’t use the organization’s domain, it has terrible grammar, and specifically requires the user to “login with your email and password” (which makes no sense). Any user that has undergone Security Awareness Training would see right through this kind of scam, pressing the delete key the moment they realize it’s a bogus email.

There will always be the “next” scam that tries to convince your users that they need to log into Microsoft 365. Make sure they’re prepared.


Find out which of your users' emails are exposed before bad actors do.

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

EECPro-1Here's how it works:

  • The first stage does deep web searches to find any publicly available organizational data
  • The second stage finds any users that have had their account information exposed in any of several thousand breaches
  • You will get a summary report PDF as well as a link to the full detailed report
  • Results in minutes!

Get Your Free Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/email-exposure-check/



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews