Phishing Alert – Hackers launch phishing campaign using fake VPN update emails to steal Microsoft 365 credentials

Microsoft 365 (formerly Office 365) users are the target of a recent phishing campaign claiming to update their VPN software.

The global pandemic caused by the COVID-19 outbreak and subsequent shift towards working from home has brought with it several new challenges for cyber-security specialists.

With most workers not surrounded by the better-policed cyber-security policies of the office environment, phishing attacks have seen an enormous increase in both volume and success.

In the hope of increasing home cyber-security, many workers have been encouraged to use Virtual Private Networks (VPNs) to access their work. Unfortunately, hackers have cottoned on to this fact and are using this advice against the workers, turning them into phishing victims.

This recent campaign, noted by researchers at email security company Abnormal Security, claims to offer a “New VPN configuration” and asks users to follow a link and log in with their email and password. It has affected around 15,000 users. (Pictured below)

Image credit: Abnormal Security

The emails spoof the victim’s domain, appearing to come from their own “IT Support” department. This technique is very common in phishing campaigns, aiming to convince unsuspecting victims it is simply an internal memo. Though the grammar is not perfectly presented, many victims are working with far more distractions while at home and campaigns like these are seeing marked success.

So common is this type of attack that we have created a free tool for anyone to use which reveals whether or not their security systems are correctly configured to deal with spoofed email attacks.

Those who do fall for the email are led to a convincing cloned Microsoft/Office 365 login page, hosted on the domain, owned by Microsoft.

By abusing Microsoft’s Azure Blob Storage platform, this campaign gains significant credibility by way of a very convincing URL and official Microsoft certificate.
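The two traits described above, a sender spoofing the recipient's own domain and a login link hosted on Azure Blob Storage, can be checked together at the mail gateway. The following is an added example, not code from Abnormal Security or from this site; the function names, the sample message and the reliance on your gateway's `Authentication-Results` header are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Public Azure Storage endpoint suffixes (general Azure naming, not indicators from the article).
AZURE_STORAGE_SUFFIXES = (".blob.core.windows.net", ".web.core.windows.net")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a From/To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate every text/* part, decoded with its declared charset."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    msg = message_from_string(raw_message)
    from_dom, to_dom = domain_of(msg["From"]), domain_of(msg["To"])
    # Assumption: these headers were stamped by your own inbound gateway.
    auth = {}
    for header in msg.get_all("Authentication-Results", []):
        auth.update((m.lower(), r.lower()) for m, r in AUTH_RE.findall(header))
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body_text(msg))}
    storage_hosts = sorted(h for h in hosts if h.endswith(AZURE_STORAGE_SUFFIXES))
    # Heuristic: mail claiming the recipient's own domain that did not pass DMARC.
    spoofed_internal = bool(from_dom) and from_dom == to_dom and auth.get("dmarc") != "pass"
    return {"spoofed_internal": spoofed_internal, "storage_hosts": storage_hosts,
            "quarantine": spoofed_internal and bool(storage_hosts)}

# Constructed sample (the hyphenated account name cannot exist as a real storage account).
SAMPLE = """\
From: IT Support <it-support@example.com>
To: alice@example.com
Subject: New VPN configuration
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com

Please log in: https://example-placeholder.blob.core.windows.net/vpn/index.html
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A valid Microsoft certificate on the link proves nothing about the page's owner, so the storage-host match is treated here as a signal to combine with the failed sender check rather than as a verdict on its own.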

It is of vital importance that all workers, especially those working from home, are given regular security awareness training so they may spot these malicious campaigns.

There is still no one security software/hardware solution which can block 100% of phishing attacks. This means that when (not if) a malicious email lands in one of your users’ inboxes, you place the security of your organisation entirely on their ability to spot the malicious intent.

We offer a number of free tools in order to aid your journey down the path to employee cyber-awareness. Our most popular tool is the Free Click-Prone® Test, which reveals the exact number of users in your organisation that would fall for a real-life phishing attack.

All our readers are encouraged to use this time to educate. Do what you can, train your users and empower them to strengthen your human firewall.
