Office 365 Phishing Attack Targeting Remote Workers Has Evolved
As states and businesses slowly begin reopening during the COVID-19 pandemic, attackers are still looking for ways to exploit the situation. Researchers at Abnormal Security found that phishing attacks are now leveraging fake Virtual Private Network (VPN) configurations to target Office 365 users and steal their credentials.
This threat targeting Office 365 users has been evolving since March. The attack originated as a phishing email that urged users to log in to their Office 365 account and provided a link leading to a perfectly replicated version of Microsoft’s login page. After users enter their login credentials into the malicious page, the credentials are sent to the attacker, who can then use them to access any online accounts and systems linked to those credentials.
The latest version of this threat begins with a phishing email sent to individuals that impersonates a notification from their company’s IT support department. One of the biggest differences between the previous Office 365 attack and this evolved version is that the email address on the notification is spoofed to appear as if it came from within the victim’s organization. Spoofed emails are a popular tactic for cybercriminals because they disguise the attacker’s actual email address to appear as a trusted source, therefore convincing victims that the email is legitimate and safe to click on.
The threat actors behind this attack skillfully deliver messages that are likely to catch the attention of remote employees by taking advantage of the fact that VPNs have become essential for many workers during the COVID-19 lockdowns. The phishing email contains a link to an alleged “new VPN configuration for home access,” which actually redirects to an Office 365 phishing website once clicked.
Like the previous version of this attack, threat actors are aiming to trick victims into logging into the false Microsoft page in order to steal their credentials for their online accounts. To do so, attackers have developed a convincing login page that perfectly replicates Office 365. Once attackers receive the victim’s personal Microsoft credentials, they can be used to access the victim’s work accounts as well as their other accounts that are linked to the same credentials.
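The two tells described above (a sender address spoofed to look internal, and a “VPN configuration” link that actually points at an external site) can both be checked mechanically at the mail gateway or in a mailbox triage script. The following is an added example, not code from the original article or from Abnormal Security; it assumes a hypothetical organisation domain `example.com`, parses constructed sample messages embedded in the block, and flags an internal-looking sender whose SPF and DKIM results are not `pass`, plus any link whose visible text or URL uses VPN/configuration wording while pointing outside the organisation’s domain.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"                      # hypothetical organisation domain
LURE_TERMS = ("vpn", "configuration", "home access")  # wording used by the lure


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkParser()
    parser.feed(html)
    return parser.links


def auth_results(msg):
    """Return {'spf': 'fail', 'dkim': 'none', ...} from Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";"):
            tokens = part.strip().split()
            if tokens and "=" in tokens[0]:
                key, value = tokens[0].split("=", 1)
                results[key.lower()] = value.lower()
    return results


def _is_internal_host(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def analyse(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Check 1: sender claims to be internal but the message did not authenticate.
    from_addr = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    auth = auth_results(msg)
    if from_domain == ORG_DOMAIN and auth.get("spf") != "pass" and auth.get("dkim") != "pass":
        findings.append(f"internal sender {from_addr} failed SPF/DKIM: likely spoofed")

    # Check 2: VPN/configuration wording on a link that leaves the organisation's domain.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    for href, label in extract_links(content):
        host = (urlparse(href).hostname or "").lower()
        blob = f"{label} {href}".lower()
        if host and not _is_internal_host(host) and any(t in blob for t in LURE_TERMS):
            findings.append(f"VPN/configuration lure link to external host {host}")
    return findings


# Constructed sample resembling the lure described in the article (".invalid" is a reserved TLD).
SUSPICIOUS = """From: IT Support <it-support@example.com>
To: employee@example.com
Subject: New VPN configuration for home access
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
Content-Type: text/html; charset="utf-8"

<html><body><p>Please install the <a href="https://office365-login.invalid/vpn">new VPN configuration for home access</a>.</p></body></html>
"""

# Constructed benign message: authenticated sender, link stays on the organisation's domain.
BENIGN = """From: IT Support <it-support@example.com>
To: employee@example.com
Subject: VPN setup guide
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://vpn.example.com/setup">VPN setup guide</a></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, analyse(sample) or ["no findings"])
```

Both checks rely on data the receiving gateway already stamps on the message; the Authentication-Results header is only trustworthy when it was added by your own mail infrastructure, so a production version should discard copies of that header that arrive from outside before trusting its verdicts.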
- Implement Multifactor Authentication in O365. Multifactor authentication adds an extra layer of security when a user logs in and provides alerts when someone is trying to use their credentials.
- Use unique passwords for your online accounts. Ensure that your online accounts are protected by using unique passwords for each of your individual accounts online. This can help protect your personal information by ensuring that if an attacker gains access to login credentials for one of your online accounts, they will not be able to use that information to access your other accounts.
- Utilize a Password Manager. Password managers allow users to encrypt and store passwords for various accounts. This prevents credential theft from being too damaging by enabling an easy user experience for assuring strong, unique passwords across multiple user accounts.
- Recommended link: https://www.cnet.com/how-to/best-password-manager-to-use-for-2020/