Hackers are always trying different ways to get you to let your guard down. In that endeavor, they try to leverage the current state of affairs to craft their phishing attack. For instance, today many people are working from home who normally wouldn’t be. Hackers use that information to launch their phishing attack, like the one supposedly delivering a new VPN configuration.
People working from home for the first time may not have a lot of experience doing that, but they quickly learn that they need a VPN (virtual private network) to securely communicate with the main office. So, if they receive an email from the company’s IT department informing them that they need to update their VPN configuration, it is a perfectly logical email to receive. And that’s exactly why it’s being used to phish employees right now.
According to Help Net Security, “Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. The sender email address is spoofed to impersonate the domain of the targets’ respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target’s company, the hyperlink actually directs to an Office 365 credential phishing website.”
This is a particularly difficult phishing email to detect because the “phishing Office 365 login page is hosted on a Microsoft .NET platform, with a valid Microsoft certificate.” In other words, only the most highly trained and suspicious workers will be able to detect this attack. And only one has to be fooled to put all the others at risk. So, how do you combat such technologically-advanced phishing tactics? With technologically-advanced email security like Phish Protection.
Phish Protection is cloud based, which means it protects every device (laptop or mobile) everywhere (home or office). Phish Protection stops domain name spoofing, display name spoofing and malicious attachments. It works with all major email services as a simple add on. And most importantly, requires no hardware to purchase, no software to purchase and sets up in 10 minutes.
If you still have employees working from home, don’t leave them out there on an island. Protect them with Phish Protection for just pennies per user per month. You can try it for free for 60 days.