Office 365 customers reported that a phishing campaign is using a fake VPN update to steal their login details.
According to reports, security agencies have said that the message usually asks all the remote employees to update their VPN service. This allows the scammers to access the login username and password of the users.
The messages are sent via email addresses that look like legitimate IT support department accounts so users open them in order to update their services. Abnormal Security issued a report saying that 15,000 people have been targeted so far via this scam.
Due to the pandemic, more and more people are working from home and this provides a huge consumer base to the hackers. The phishing campaigns have become more effective than before as employees also use VPNs to stay connected to their offices. However, you need to stay vigilant and confirm with the company before you update any VPN service.