The attacks phishingto make themselves more plausible and difficult to identify, often tend to abuse famous brands.
The most recent case that confirms this rule sees, despite itself, the protagonist of a company such as Adobe. The famous software development company, founded way back in 1982, was in fact the victim of some cybercriminali who have exploited its platform Adobe Document Cloud for a phishing campaign.
The service in question is a suite of cloud services, focused on creating, managing, storing and sharing documents in PDF format. It includes apps like Adobe Acrobat, Adobe Scan e Adobe Sign.
Potential victims, in fact, receive an email that appears to come from Adobe. It is so plausible that it is able to bypass the most common ones anti-spam filters In circulation. The email prompts the user to download a shared PDF right on Adobe Document Cloud, through the aforementioned Adobe Sign.
Fake Emails from Adobe: Here’s How Cyber Criminals Trick You
The PDF in question is not a malicious executable and this feature makes it impossible for most to detect antivirus.
When opening the file, however, the potential victim is automatically directed towards a malicious site. This malicious platform, designed to mimic Adobe Document Cloud down to the last detail, features a form where they are requested credentials and others sensitive information to the user.
Although some signs may highlight that what is happening is suspicious, the victim is pushed into action through sense of urgency and other psychological techniques. Depending on the case, cybercriminals exploit false invoices, contracts and even warnings of alleged copyright violations to mislead users.
Not only that: in addition to stealing identities and sensitive data, malicious sites can also help cybercriminals spread malware or to involve victims in other types of digital scams.
To avoid cases of this type, in fact, maximum attention is needed. Always check the sender of an email and the possible URL to which it directs (checking for any inaccuracies) can be essential to protect your personal data.