Office 365 Phishing Attack Targets WFH

Hackers keep abusing WFH confusion. This time focused on VPNs.

With many employees working from home, VPNs (virtual private networks) have become widely used for WFH security. And they should be! It’s an important layer of security for any remote work environment.

As we’ve seen recently, hackers are creating and exploiting pandemic confusion for their profit (just like here and here). A new Phishing attack warns users to urgently update VPN configurations. The email impersonates the victim’s IT department with a link to a spoofed Office 365 login page.

The attackers are spoofing the sender email address to match the domains of their targets’ organizations and embed hyperlinks that send them to phishing landing sites designed to steal their Office 365 credentials.

The hackers are spoofing the victim’s domain in the sender email address. This can provide a false sense of security to the user and increase the likelihood of taking the bait.

These attacks could have a high rate of success in tricking potential victims since many recipients might click through and log into their Office 365 accounts to avoid losing remote access to company servers and resources.

Once the user clicks the link, they’re sent to a landing page that looks exactly like a legitimate Office 365 login. The attackers exploit Microsoft’s Azure Blob Storage, making the URL look safe.

The landing page is a cloned Office 365 login page hosted on the Microsoft-owned web.core.windows.net domain by abusing the Azure Blob Storage and it comes with a valid Microsoft certificate.

Hackers keep improving spoofing tactics, making attacks harder to recognize. It is up to every organization to take action to arm their people with the safe online behaviors and tools to protect their networks and data.

Are you ready to take action?
Find out how to protect your team with INFIMA’s Automated Security Awareness platform.

To get a quote, set up a call with our team here!

 

 

Original article here.