A new Phishing scam involving a VPN configuration email to trick Microsoft 365 users from giving their credentials away. This time scammers have found a creative way to trick people seeking online privacy, security and anonymity. The latest scam involves the prominent use of VPNs by remote workers. Scammers are sending relevant phishing emails in order to steal Microsoft 365 credentials.
The new scam was discovered by researchers at Abnormal Security. In their blog post, Abnormal Security mention that the attackers impersonate a notification email from the company’s IT support. The sender’s email address is spoofed, and the email contain a link to a new VPN configuration for home access. It turns out that the hyperlink actually directs the user to an Office 365 credential phishing site. Therefore, if people fall for this attack, then their credentials would be compromised.
However, there are ways to stop scams like this from succeeding. Here are two important things to take away to avoid yourself from falling into the trap.
- Activate Microsoft 365 Multi-factor authentication- By adding in Multi-authentication layers to your accounts means that scammers will not be able to steal your credentials.
- Educate users – Take time in teaching your employees on the red flags that a phishing email would contain, and educate them on cyber threats. Cyber security training programs help minimise the risk.
Therefore to help you out, we’ve listed out the red flags you need to look out for in order to avoid falling for the trap.
How to spot a Phish?
Here are the red flags you need to watch out for whenever you receive an email.
- From Field – Do I know the sender? Do I normally communicate with the sender? Is the email from a suspicious domain? If in doubt, don’t open it.
- Attachment – Were you expecting to receive an attachment? Do you normally receive attachments from the sender? What type of file is attached? If in doubt, don’t open the attachment.
- Subject Line – Does the subject line create a sense of urgency? Does the subject line match the email content?
- Use of Language – Do you have an account or association with the company? Does the email contain obvious spelling or grammatical errors?
- Hyperlinks – Is the test of the link the same as the destination? Does the link include incorrect spelling or modified version of a known URL? If in doubt, do not click on the link. Verify the link by calling the sender.
Siccura Cybershield
Siccura Cybershield is the most interactive Cyber security training awareness program. With a philosophy as simple as Test. Aware. Engage, we’ll help you:
- Test your employees and IT defences by playing the role of an attacker.
- Make your employees aware of the types of attacks such as Phishing, Vishing, Ransomware and more
- Engage your employees by sharpening their knowledge, and teaching them how to combat threats.
Through the training program, we’ll help you turn your employees into a Human Cybershield ready to defend your business.
3 Comments
nitroglycerin senza ricetta in Spagna - January 13, 2024
Fantastic website. Lots of useful information here.
I am sending it to a few buddies ans additionally sharing in delicious.
And naturally, thank you for your sweat!
sex shop - January 16, 2024
We would like to thank you all over again for the wonderful
ideas you offered Janet when preparing her own post-graduate research as well as, most
importantly, for providing all of the ideas in one blog post.
In case we had been aware of your web-site a year ago, i’d have been rescued from the nonessential measures we were having
to take. Thank you very much. sex shop
Rastrear Celular - February 11, 2024
Existe alguma maneira de recuperar o histórico de chamadas excluídas? Aqueles que possuem backup na nuvem podem usar esses arquivos de backup para restaurar registros de chamadas de celular.