Research from the GuidePoint Research and Intelligence Team highlights a sophisticated, ongoing phishing campaign that has targeted over 130 organizations. This campaign targets employees by mimicking the VPN providers their organizations use, registering domain names that are similar to the legitimate domain names. 

Security leaders weigh in 

Patrick Harr, CEO at SlashNext Email Security+:

“Unfortunately, we continue to see creative attacks like these that prey on unsuspecting users. Using typosquatting domains (those that are very similar to the actual real VPN domain) is not a new tactic. What is more creative is the use of messaging channels outside of email. SMS is now the second most attacked vector and mobile phones have minimal to no protection, hence why threat actors are creatively attacking them with greater volume.  

“Training is no longer effective against these attacks alone. That’s why it’s imperative that organizations must employ AI-based anti-phishing in SMS and other messaging apps locally on the phone to pre-emptively thwart these attacks before they compromise employees.”

John Bambenek, President at Bambenek Consulting:

“The technique of phishing users by using third-party brands is not new, however, the use of VPNs is novel and much more dangerous. This allows the attacker to get unencrypted data by placing themselves as a trusted intermediary, especially if they can get a malicious CA installed on the device. It is explicitly targeting a weak link, BYOD and employees individual devices, knowing full well that enterprise tools won’t detect this.”