Akankasha Dewan 04 September 2020 12:14:24 AEST 3 MIN READ

Email scam spoofs Adobe Document Cloud to harvest user credentials

Email users should be wary of emails landing in their inbox from Adobe Document Cloud, which may in fact be the latest scam spoofing the software in an attempt to harvest sensitive user data. Sent from ‘Document via Adobe Acrobat’ the emails mimic an actual Adobe email, telling the recipient that they have ‘a pending document’ which they are ‘required to access before the expiry date.’ It continues by informing recipients that ‘It’s mandatory you follow the below button.’

To improve engagement with the email, the subject line and the content of the email feature the recipients’ company and name.

The run of emails is continuing to be blocked by the MailGuard team, however at the time of writing no other vendors have identified it. Here’s a sample of the initial email.

Adobe Image 1-01

The cybercriminals behind the attack appear to be using read receipts to track who is actually opening the email, which is most likely being used to target specific addresses for future attacks.

The email says that it is coming from the Adobe Document Cloud, but is actually coming from multiple compromised accounts in Bangladesh and India. The phishing page appears to be hosted using Google Cloud Storage. Google offers a free trial of this service to anyone with a Google account ($300 credit over 90 days) with the only restriction being a valid credit card.

When users click through on the ‘OPEN’ link they are presented with an Adobe Acrobat page that prompts them to click ‘Download’ and ‘Logon with your own email and password.’

Adobe Image 2-01

After the link is clicked, it leads to a login page which is asking for their email address and password.

Adobe Image 3-01


Once victims enter and submit their credentials, they are served an error message saying the credentials were incorrect.

Adobe Image 4-01

Cyber-criminals frequently exploit the branding of large companies and well known brands like Adobe in their scams, because their good reputation lulls victims into a false sense of security.

As a popular software platform, email recipients are familiar with the service and cybercriminals hope victims will be less likely to question the authenticity of the message.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates