DemoBlade

Windows report logo

News

Threat post logo

Tech republic logo

Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phony websites, and phishing emails. As the pandemic has triggered a huge shift toward remote working, so, too, have criminals been trying to target business employees working at home. In a blog post published Wednesday, Abnormal Security describes a new phishing campaign that exploits the need for VPNs.

Phishing attack impersonates IT staff to target VPN users

Business email compromise (BEC) attacks represent a small percentage of email attacks, but disproportionately represent the greatest financial risk. The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. .

Understanding the Payload-Less Email Attacks Evading Your Security Team

Bank info security logo

Help net security logo

Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials.

Office 365 users: Beware of fake company emails delivering a new VPN configuration

Fraudsters are using fake VPN update alerts to target remote workers in an effort to steal their Microsoft Office 365 credentials, according to the security firm Abnormal Security.

Phishers Use Fake VPN Alerts to Steal Office 365 Passwords

Homepage

Breadcrumbs

Abnormal Security provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal Security

Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player recently set up an Office 365 phishing base to fraudulently obtain usercredentials. Pretty much any platform that requires user authentication to allow access can be a target for phishing. Also, anyone can be a victim, from SaaS customers to OneDrive users.

Attacker uses an Office 365 site to steal user credentials

Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player…

description

phishing, oldest, office, base, target, email, tricks, sleeves, hacker, player, recently, fraudulently, requires, user, authentication

keywords

Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player recently set up an Office 365 phishing base to fraudulently obtain usercredentials. Pretty much any platform that requires user authentication to allow…

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/windows-report-logo.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1631719347&s=9bdf7ba9d953c4bd9adafa85e7b144ec

https://abnormalsecurity.com/about/news/attacker-uses-an-office-365-site-to-steal-user-credentials

referrer

robots

twitter:card

twitter:creator

twitter:description

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/windows-report-logo.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1631719347&s=71f2efb3b95c336724932a9297d7811e

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Attacker uses an Office 365 site to steal user credentials | Abnormal"}}

Schedule a Demo

Preventing Criminals From Using AI for Cybersecurity Attacks

Abnormal Security’s CEO explains how ‘defensive A.I.’ will someday defeat cyber attacks

New study: Threat actors harness generative AI to amplify and refine email attacks

Generative AI Could Revolutionize Email—for Hackers

Email Subscribe

<p>Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.</p>

Newsroom

<p>Abnormal Recognized as Customers' Choice for Email Security</p>

chakra-ui-ChakraProvider

Button

Container

Screen

VsMimecast

FormLayouts

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

plasmic-query

plasmic-basic-components

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

Abnormal Marketing

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

antd5 hostless

react-slick

B 1500x1500 MKT006 09 01 23 CISO Kit to Replace Your SEG

Tools

Discover why traditional secure email gateways are no longer sufficient protection from modern attacks in this kit full of multiple resources.

CISO Kit for Replacing Your SEG

Email Security

B 08 01 23 MKT324 H2 2023 Email Threat Report

Threat Reports

The latest threat report shows that 37.5% of all applications request high-risk permissions—putting your email environment in danger.

H2 2023 - Applications Abound:  Average Organization Now Integrates 379 Third-Party Applications with Email

B 1500x1500 CISO Guide to Generative AI Attacks

White Papers

Discover how cybercriminals use generative AI tools like ChatGPT to create more effective email attacks and how to protect your organization from them.

CISO Guide to Generative AI Attacks

B 06 20 23 MKT326 Human VS Chat GPT

See how generative AI is changing the threat landscape by determining if these email attacks are created by a human or by ChatGPT.

Quiz: Human or ChatGPT?

Attacker uses an Office 365 site to steal user credentials

See the Abnormal Solution to the Email Security Problem