Sophisticated Phishing Attack Leverages VPN Access

2025-01-29

The University of Toronto's Computer Science department was hit by a highly sophisticated phishing attack. The attacker spoofed a departmental email address, successfully phishing a user's password. Alarmingly, the attacker used the stolen credentials to quickly register the user for the department's VPN, then used the internal-only SMTP gateway to send spam. This demonstrates pre-attack reconnaissance of the target's VPN and email environment, highlighting increasingly advanced attack techniques and the need for robust cybersecurity defenses.