  • Admin

Malicious VPN Email And Pop-up Attacks

Published: May 02, 2021 in our Security Fraud News & Alerts Newsletter.

For many these days, working remotely is part of the new normal of this pandemic era. It’s probably also the first time that staffers are away from the watchful eyes of IT departments, and that's making it easier for hackers to do their jobs. Two years ago, the Census Bureau reported the average work commute added 200 hours a year to our jobs. It’s easy to see why many staffers are content to swap their daily commutes for their sofas and a laptop. Researchers have discovered a fake VPN (virtual private network) scam that specifically targets remote employees. And since working from home can have its security shortcomings, bad actors are working overtime to exploit the opportunity to strike.

The discovery by Abnormal Security finds the fake VPN alerts can lead to identity theft, but they also open the door for bad actors to enter a data system. It starts with a bogus pop-up alert about the VPN needing an update. Once a device is compromised, any number of attacks can follow, including ransomware and other threats. Companies use VPNs for safe access to corporate networks and data, allowing employees to work securely from home. However, a new rash of email phishing attacks is getting staffers to fall for the fake VPN update alert.

According to Abnormal Security, the goal of the fraudulent alerts is stealing Microsoft Office 365 credentials via the fake VPN update. Researchers also discovered the email phishing campaign uses a spoofed domain to make the email address look like it’s from the IT department. The email has a link for a “new VPN configuration home access” that needs to be opened and updated. According to the report, the link takes the victim to a bogus Office 365 site where the user is urged to log in with their email and password.
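For IT teams, the two traits described above (a sender address that claims to be internal, and a link that leads somewhere other than the real sign-in page) can be checked mechanically at the mail gateway. The following is an added example, not code from Abnormal Security's report; the domain `example.com`, the trusted-host list, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for illustration: the organization's mail domain and the only
# hosts where staff should ever enter Office 365 or VPN credentials.
ORG_DOMAIN = "example.com"
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "vpn.example.com"}

# Constructed sample message modelled on the campaign described above.
SAMPLE = """\
From: IT Support <it-support@example.com>
Authentication-Results: mx.example.com; spf=fail; dkim=none
Subject: New VPN configuration home access
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Your VPN needs an update.
<a href="https://o365-login.example.net/signin">New VPN configuration home access</a></p>
"""

class LinkHosts(HTMLParser):
    """Collect the real destination host of every <a href> in the body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = msg["From"].addresses[0].domain.lower()
    # Only trust this header when it was stamped by your own mail gateway.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if from_domain == ORG_DOMAIN and ("spf=fail" in auth or "dkim=fail" in auth):
        findings.append("internal sender failed authentication")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkHosts()
    parser.feed(body.get_content() if body else "")
    for host in parser.hosts:
        if host not in TRUSTED_LOGIN_HOSTS:
            findings.append("untrusted link host: " + host)
    return findings
```

Calling `triage(SAMPLE)` flags both the failed sender authentication and the link host, even though the visible link text looks like a routine VPN notice.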

Before you click “update,” check with IT or a manager to find out if the VPN update is legitimate and not an identity theft scam, ransomware attack, or any other variety of hacking exploits. It’s important to give random pop-up windows a closer look since one wrong click can take down an entire business. If the VPN update is approved, always go to the developer website for the update. Remember, an update that’s been approved by your employer and downloaded from the developer site is the safest way to avoid fake VPN updates and other security issues while working from home.

As always, watch out for phishing lures, whether you’re working at home or by the pool. Those attacks don’t slow down just because times are changing. Look out for:

  • Misspelled words and poor grammar

  • Generic greetings

  • Unfamiliar senders

  • Unexpected links or attachments, regardless of whether you know the sender or not

  • Any sense of urgency that might be included in the message

If any of these exist, it may be phishing. Get advice from a manager or the IT department before reacting.
