MailGuard 15 July 2025 09:24:51 AEST 4 MIN READ

Invoice Scam Uses PDF Attachment to Harvest Credentials

MailGuard has intercepted a new phishing campaign attempting to bypass email security filters using a PDF attachment and a deceptive login page designed to steal credentials.

What Makes This Attack Noteworthy?

Unlike bulk phishing emails, this scam is crafted to appear legitimate, leveraging a plain text email and a PDF attachment with minimal content, a tactic aimed at avoiding security detection.

The email appears to come from `Accounting <recipient's domain>`, but in reality it is sent from `assistance(at)babalhara(dot)cyou`.

Subject lines are basic, for example `Invoice 3939 Due`, and the email content is similarly concise: a short automated payment notice and an attached PDF file. No other details are provided.

Here's an example of what the email looks like 👇
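The mismatch described above, a display name that presents the recipient's own domain while the real address sits on an unrelated domain, can be checked mechanically on inbound mail. The following is an added example, not MailGuard's detection logic; it assumes the display name contains the recipient's domain as text, and the sample messages, `example.com` and `sender.invalid` are constructed placeholders.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses, parseaddr
from typing import Optional

# Constructed sample messages (not taken from the campaign); example.com and
# sender.invalid are reserved placeholder domains.
SPOOFED = (
    'From: "Accounting example.com" <assistance@sender.invalid>\n'
    "To: jo@example.com\n"
    "Subject: Invoice 3939 Due\n\n"
    "Automated payment notice. See attached PDF.\n"
)
INTERNAL = (
    'From: "Accounting example.com" <accounts@mail.example.com>\n'
    "To: jo@example.com\n"
    "Subject: Invoice 3940 Due\n\n"
    "See attached.\n"
)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def display_name_spoof(raw_message: str) -> Optional[dict]:
    """Return details when the From display name names a recipient's domain
    that the real From address does not belong to; otherwise None."""
    msg = message_from_string(raw_message)
    raw_display, sender = parseaddr(msg.get("From", ""))
    # Decode RFC 2047 encoded-words so an encoded display name is still checked.
    display = str(make_header(decode_header(raw_display))).lower()
    sender_domain = domain_of(sender)
    if not sender_domain:
        return None
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for rcpt_domain in {domain_of(addr) for _, addr in recipients} - {""}:
        same_org = (sender_domain == rcpt_domain
                    or sender_domain.endswith("." + rcpt_domain))
        if rcpt_domain in display and not same_org:
            return {"claimed": rcpt_domain, "sender_domain": sender_domain}
    return None


if __name__ == "__main__":
    print(display_name_spoof(SPOOFED))
    print(display_name_spoof(INTERNAL))
```

A hit is a triage signal rather than a verdict; it is most useful combined with SPF, DKIM and DMARC results for the sending domain.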

[Image: invoice scam - 0725 - email]

The Scam in Action

When recipients open the attachment, they see what appears to be a secure invoice document. However, this PDF is actually an image designed to entice users to click a “View On Adobe” link.

[Image: invoice scam - 0725 - PDF preview]

Clicking the link redirects users to a fake Adobe-branded login page asking for their email and password credentials, under the guise of verifying their identity to view the document.

[Image: invoice scam - 0725 - credentials]

The site is hosted on a suspicious domain (`emaildns(dot)cramital(dot)top`), far removed from any legitimate Adobe services.

MailGuard’s team notes that after the phishing page requests a username and password, the user is redirected to a random, publicly hosted document, which is a report from the Institute for Energy Economics and Financial Analysis. This tactic is designed to reduce suspicion by providing a seemingly genuine document after the credential theft.

Why This Matters

Phishing campaigns like this one are dangerous because they exploit trust in well-known brands, familiar formats (like invoices) and common business workflows (like accounting or payment processing). All it takes is one unsuspecting staff member clicking the link for an attacker to gain access to sensitive accounts, potentially leading to financial fraud, data theft, or business disruption.

Stay Safe - Know the Signs

MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.

Avoid emails that:

  • Aren’t addressed to you personally.
  • Are unexpected and urge immediate action.
  • Contain poor grammar or miss crucial identifying details.
  • Direct you to a suspicious URL that isn’t associated with the genuine company.

Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One Email Is All That It Takes   

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time 'zero zero-day' email threat detection amplifies our clients' intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
