Daniel Graziano 24 November 2015 17:47:00 AEDT 3 MIN READ

Fraudulent ‘Invoice’ Email Carries an Adobe ID Phishing PDF Attachment

Adobe ID users are the recent target of an email phishing scam threatening to comprise their login credentials.

Here is a screenshot of one variation Adobe ID account holders should be wary of:


As you can see in the example above, the purported sender is, ‘Jessie’.

Jessie has had his/her email address compromised. This may have been caused by the same style of phishing attack, a weak password, insecure servers or inferior malware protection.

Targets of this scam may be expecting to hear from, or trust information distributed by Jessie.

‘Jessie’ alerts the recipient of an attached invoice, and this attack is in full swing.

When compared to many other email phishing scams we have blocked, this attempt is fairly basic.


Upon downloading the attached PDF, the target is prompted to follow the “click here” hyperlinked text to “unlock document”. They are encouraged to dismiss any security warnings they receive when trying to access the invoice.


This particular threat does not contain any malware, unlike previous instances in which cyber criminals have obfuscated malicious JavaScript files by forging PDF file types.

This attempt preys on Adobe users, and prompts them to enter their username and password to gain access to their Adobe ID account and related accounts that use the same login credentials.

Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use sophisticated social engineering techniques to manipulate users and obtain sensitive data.

How to prevent phishing:

  • Delete emails that are impersonal or not addressed to you by name.
  • Be wary of communication from senders you were not expecting to hear from.
  • Mouse over the link to see where it will take you before you click it. Pay close attention to the URL the purported sender uses. If it takes you somewhere you don't recognise, then it's something to treat as suspicious.

Whilst this attempt isn’t as sophisticated as many other examples we have seen, it will still fool less vigilant recipients into entering their login credentials. It is important to identify any oddities in URLs and immediately exit any webpages that do not match that of the official sender.

What happens if you click on a phishing link?

In the case of this threat, nothing – as long as you exit the web page without submitting any sensitive data. If you happen to enter your login information, immediately change your password on your account and any account which shares the same credentials.

Many phishing sites contain payloads which will attempt to download malicious files onto your computer without your consent. As a result, the best course of action is to not take any chances, and immediately delete any non-legitimate communication.

How to report a scam:

Adobe offers a comprehensive online resource to help identify fraudulent communication purporting to be from them. You can also report phishing sites by contacting Adobe directly.

Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Compliment this multilayered defence with on premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top