Watch Out for Fake VPN Update Alerts That Were Set up to Steal Your Office 365 Password

Are you still working from home? If your home is still the only office that you visit these days, you probably use a VPN to connect to your work databases remotely. Although working from home seems like a cozy and safe option, this kind of work arrangement has its own security issues.

Depending on the platforms you use for work, you could be exposed to multiple cyber scams. For instance, there are multiple Office 365 Password scams out there, and we would like to draw your attention to one of them today. The Office 365 Password scam that we want to discuss is related to VPN updates, and it shows how cybercriminals can make use of such aspects to carry out a credential phishing attack.

Three threats in one

Before we dig deeper into the VPN update scam, we would like to remind you that we have covered the three main security threats you might face when working from home. In our previous entry, we have determined that phishing, password security, and network access are the main aspects of cybersecurity that are of vital importance when you work from home.

To put it simply, users have to be wary of phishing attacks because those can be used anywhere and anytime by cybercriminals in order to steal personal credentials. Furthermore, when you access your company’s databases from home, you have to pay extra attention to password security because authentication methods and practices cannot be overlooked no matter what.

In fact, when you need to ensure safe authentication and remote access, it is recommended to use tools like Cyclonis Password Manager that can help you generate and store strong and unique passwords. And finally, we have the network access issue, when employees often have to use VPN to reach the necessary data. Some of the system security features might be turned off for the VPN to work, so if that is the case, it is important to employ other security measures that would help people avoid things like the Office 365 Password scam.

VPN update impersonation

The scam that we want to discuss incorporates all three aspects of cybersecurity that are really important when you work from home. This VPN Update impersonation scam was uncovered by Abnormal Security, and the report provides insights on such attacks that can reach any company out there.

The platform that is targeted by this VPN Update impersonation scam is Microsoft Office 365. If you think that you’ve been at the receiving end of this attack, you might want to reset your Office 365 password while you’re at it.

Based on the provided research, up to 15,000 mailboxes have been affected by the attack, and the payload is delivered through a spoofed email. What is a spoofed email? That’s when cybercriminals impersonate someone else to deliver the malicious payload to their victims. In the case of this scam, the attackers impersonate the IT support teams from specific companies.

The current COVID-19 pandemic situation allows cybercriminals to carry on with such attacks because corporations are forced to move most of their work online. As mentioned, employees who work from home may need to use VPNs to connect to company servers remotely. We also believe that the IT departments from various corporations are adamant about ensuring safe remote access, and therefore, employees definitely know that they have to update the software they use regularly. Consequently, an email from an IT department about a VPN update might not seem suspicious at all.

In fact, security research companies have noticed multiple versions of this VPN update attack. The attackers have spoofed different emails from various corporations to trick their employees into giving away their credentials. However, despite the fact that multiple corporations have been attacked, the payload (which is the malicious link in the email) leads to the same page. It only proves that the phishing website is controlled by a single attacker.

There is no preview available in the phishing email, but the targeted employees are urged to “login with your email and password.” Clicking the link redirects victims to a spoofed Office 365 page. It looks like the real deal, but entering the actual email and password allows the cybercriminals to steal the credentials. As a result, the account and the information available on the compromised Microsoft account are automatically at risk. Again, if you happen to have entered your credentials on a spoofed login page, we urge you to reset your Office 365 password.

How come credential phishing is effective?

Although every single employee who works remotely should be familiar with the basic aspects of cybersecurity, credential phishing still works remarkably well. As mentioned, the number of corporations that are now dependent on VPN access has skyrocketed due to the COVID-19 pandemic. VPN updates will be treated seriously by employees who work from home because outdated configuration would hinder task completion. Consequently, this aspect is exploited by cybercriminals and credential phishing scams.

What’s more, sometimes it might be hard to differentiate between spoofed emails and actual messages from your IT department. In some cases, it could be easier to spot the discrepancies if the scam messages are in languages other than English, but if English is your primary language or if you use it at work, it could be challenging to tell which message is real and which is fake. For that reason, it is important to remain attentive and check the URL of the platforms that these messages try to redirect you to. Also, if you don’t know whether the email is legitimate or not, you can employ other communication methods (like the instant messaging system you use at your company) to double-check with the IT department whether they’ve really sent that message out.

Seeing how the instances of such attacks are getting only more common, it wouldn’t be too far-fetched to say that anyone working remotely and using a VPN could become a target of the VPN update scam. Therefore, it is necessary to remain attentive, and do not hesitate to check the legitimacy of the messages you receive if something feels off.

September 28, 2020

Leave a Reply