Windows report logo

News

Threat post logo

Tech republic logo

Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phony websites, and phishing emails. As the pandemic has triggered a huge shift toward remote working, so, too, have criminals been trying to target business employees working at home. In a blog post published Wednesday, Abnormal Security describes a new phishing campaign that exploits the need for VPNs.

Phishing attack impersonates IT staff to target VPN users

Business email compromise (BEC) attacks represent a small percentage of email attacks, but disproportionately represent the greatest financial risk. The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. .

Understanding the Payload-Less Email Attacks Evading Your Security Team

Bank info security logo

Help net security logo

Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials.

Office 365 users: Beware of fake company emails delivering a new VPN configuration

Fraudsters are using fake VPN update alerts to target remote workers in an effort to steal their Microsoft Office 365 credentials, according to the security firm Abnormal Security.

Phishers Use Fake VPN Alerts to Steal Office 365 Passwords

Homepage

About Us

News & Press

Attacker uses an Office 365 site to steal user credentials

Breadcrumbs

Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player recently set up an Office 365 phishing base to fraudulently obtain usercredentials. Pretty much any platform that requires user authentication to allow access can be a target for phishing. Also, anyone can be a victim, from SaaS customers to OneDrive users.

Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player…

description

phishing, oldest, office, base, target, email, tricks, sleeves, hacker, player, recently, fraudulently, requires, user, authentication

keywords

Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player recently set up an Office 365 phishing base to fraudulently obtain usercredentials. Pretty much any platform that requires user authentication to allow…

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/windows-report-logo.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1631719347&s=9bdf7ba9d953c4bd9adafa85e7b144ec

https://abnormalsecurity.com/about/news/attacker-uses-an-office-365-site-to-steal-user-credentials

referrer

robots

twitter:card

twitter:creator

twitter:description

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/windows-report-logo.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1631719347&s=71f2efb3b95c336724932a9297d7811e

twitter:image

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Attacker uses an Office 365 site to steal user… | Abnormal Security"}}

While the administration may look to strengthen security against cyberattackers for cloud providers, like Amazon, Microsoft and Google, experts say the onus is on the customer.

The Biden administration may eye CSPs to improve security, but the real caveat emptor? Secure thyself

Teiss logo

Despite sophisticating email threats, many organizations still rely on traditional methods of email security, primarily secure email gateway (SEG) solutions that have failed to keep up with cyber criminals as they have evolved their tactics. While traditional controls are still effective at blocking commodity types of attacks, they simply cannot detect and block the sophisticated and modern attacks that were seeing more of today.

Emerging attacks leaving SEGs in the dust

Government tech logo

It was shortly after the pandemic struck in March 2020 when Alamada-Contra Costa Transit District realized they had a problem. This is how it happened, said Tas Jalali, AC Transits head of cybersecurity, in an interview with Industry Insider  California. I was hired in late 2019, early 2020 to build the cybersecurity practice. At that point, AC Transit was running a traditional security email gateway. I do not want to mention the vendor, but it was not effective; there were a lot of challenges with it.

Transit Agency Faced Growing Problem, Chose Abnormal Solution

Dark reading logo

Pig butchering is a repulsively named, rising investment scam that uses a potent mix of the promise of romance and the lure of making easy cryptocurrency millions against its unsuspecting targets.

Pig Butchering & Investment Scams: The $3B Cybercrime Threat Overtaking BEC

Bay area inno logo

More than half of the startups named on Forbes' newest 500-company list of the "Best Startup Employers" in America, including Abnormal Security, are based in the Bay Area.

Bay Area dominates Forbes 2023 'Best Startup Employers'

The cyber wire logo

Women make up about 24% of the cybersecurity workforce. While the disparity between the number men and women in our industry is shrinking in quantity, it is not in terms of equity. The theme of 2023's International Women's Day is #EmbraceEquity  "For International Women's Day and beyond, let's all fully #EmbraceEquity.

Thoughts on International Women's Day 2023.

Forbes logo

Americas Best Startup Employers 2023 was compiled by evaluating 2,600 U.S.-based businesses with at least 50 employees based on three criteria: employer reputation, employee satisfaction and growth. The final list ranks 500 employers.

America’s Best Startup Employers

Fast company logo

From high-profile leaders such as OpenAI, DeepMind, and Nvidia to specialists like Signifyd and Voxel, these companies are applying AIs transformative power to an array of tasks.

The 10 most innovative companies in artificial intelligence of 2023

In this Help Net Security video, Crane Hassold, Director of Threat Intelligence at Abnormal Security, provides insight into the impact of multilingual BEC attacks. They significantly impact global companies that operate in multiple regions and communicate with partners, suppliers, and customers in different languages.

Expert strategies for defending against multilingual email-based attacks

CO gartner market guide email security

Press Releases

Recommendations include using AI-based email security solutions that can detect communication patterns and conversational-style anomalies.

Abnormal Security Named as a Representative Vendor in 2023 Gartner® Market Guide for Email Security

Security boulevard logo

Email security is often overlooked on a macro level, even as business email compromise (BEC) attacks continue to pose a critical threat to business operations. Reports from Abnormal Security and At-Bay revealed the extent of the riskAbnormals report revealed the median open rate for text-based BEC attacks was nearly 28%.

Business Email Compromise (BEC) Attacks Persist

Behind the shield logo

Podcasts

Mike Britton, CISO for Abnormal Security, brings guest customer Joel Godbout, Cybersecurity Manager at PCL Construction, to discuss Securing Your Cloud Email Platform from Socially-Engineered Attacks.

Behind the Shield - Feb 2023

Demo

Schedule a Demo

Email Subscribe

<p>Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.</p>

B 02 14 23 Gartner report 2024

Analyst Research

Abnormal’s fundamentally different approach to cloud email security provides the best protection against existing and emerging attack techniques.

2023 Gartner® Market Guide for Email Security

Email Security

B 02 15 23 ROI Calculator

Tools

Discover the ROI you can experience with Abnormal Security.

ROI Calculator: Discover Your Abnormal Return on Investment

Abnormal Platform

B 02 08 23 1500x1500 H12023 Threat Report

Threat Reports

Abnormal’s latest report on business email compromise trends and statistics finds that employees open 28% of attacks and reply to 15% of them.

H1 2023: “Read” Alert: Data Shows 28% of BEC Attacks Opened by Employees

B 12 05 22 1500x1500 Resource Center Analyst L1 R1

Learn how investing in Abnormal Security can yield a 278% ROI within 3 years and help your organization avoid $4 million in losses from BEC.

404

This page could not be found.