Abnormal Security: Phishers use fake VPN update alerts to target remote workers in an effort to steal their Office 365 credentials. The phishing emails contain a link that claims to be a “new VPN configuration home access” alert. Instead of the VPN configuration page, the link directs the victim to a fake Office 365 site, where the user is urged to log in with their email and password. The fake landing page looks nearly identical to the standard Microsoft Office 365 login page, including using the company’s logos and artwork.”]
Source: https://www.govinfosecurity.com/phishers-use-fake-vpn-alerts-to-steal-office-365-passwords-a-14382