Cyber criminals have been targeting remote workers with a phishing attack that seeks to steal user credentials.
The scam sees attackers send staff an email pretending to be from their organisation’s IT department. It requests users update the VPN configuration used to access the company network while working from home.
Users who click the link in the email are directed to a fake page that looks identical to a legitimate Office 365 login page. Staff who are misled into entering their credentials give the fraudsters the details to their Office 365 account.
Cyber criminals constantly look for new opportunities to trick people into revealing sensitive information.