Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials.
Yet another Office 365 phishing campaign
“The sender email address is spoofed to impersonate the domain of the targets’ respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target’s company, the hyperlink actually directs to an Office 365 credential phishing website,” Abnormal Security explained.
The phishers are betting on the high possibility that the recipients are working from home and need to use VPN for work-related tasks. They hope the targets will be concerned about the possibility of losing access to ..
Support the originator by clicking the read the rest link below.
