Phishing attacks on the rise due to attackers taking advantage of trust in VPNs

Tools
Phishing attacks on the rise due to attackers taking advantage of trust in VPNs

Published:

Written by: Staff Editor
spot_img

Beware of Phishing Campaign Impersonating VPN Providers in the US

Malicious actors are targeting employees in the US by impersonating VPN providers used by their companies, according to the GuidePoint Research and Intelligence Team (GRIT). This ongoing phishing campaign has already impacted over 130 organizations in the US.

The threat actor behind this campaign has registered domain names that closely resemble the VPN providers used by the targeted organizations since June 26th, 2024. They often call individuals pretending to be from the help desk or IT team, claiming to resolve a VPN login issue. If successful, the threat actor sends the user an SMS link leading to a fake VPN site.

Custom VPN login pages have been set up for each targeted organization, with domain names like ciscoweblink.com and vpnpaloalto.com. These fake pages mimic the legitimate ones, collecting usernames, passwords, and tokens, even bypassing multifactor authentication.

Once access is gained, the threat actor scans the network for targets for lateral movement and further escalation. GRIT warns that this social engineering tactic is hard to detect, as it occurs outside traditional security tool visibility.

Users are advised to check logs for suspicious VPN activity within the past 30 days and report any signs of compromise to their security team. Vigilance is key in combating these sophisticated phishing attacks.

spot_img

Related articles

Recent articles

Webinar: Uncovering Suspicious APK Files in Wedding Card and Loan App Scams

Fact Check
The surge of malicious APK files in cyber fraud schemes, such as fake wedding invitations and instant loan applications, has become a growing concern....
Read more

Skylon Partners with COBNB to Launch COBNB+ Featuring L’Occitane en Provence Hotel Amenities

Regional
Skylon Partners with COBNB for a Luxurious Hospitality Experience in Kuala Lumpur Introduction to the New Partnership In an exciting development for the hospitality scene in...
Read more

Understanding CISA KEV: Key Insights and Tools for Security Teams

Resources
Understanding the CISA Known Exploited Vulnerability (KEV) Catalog The Cybersecurity and Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerability (KEV) catalog, a resource designed...
Read more

Dark Web Leak Sparks WFH Job Scams; Prayagraj Police Freeze ₹2 Crore in Fraudulent Funds

Dark Watch
Rising Cybercrime in Prayagraj: A New Target Shifting Tactics of Cybercriminals In Prayagraj, the landscape of cybercrime is evolving. Previously, scammers predominantly targeted victims through enticing...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com