Akankasha Dewan, 30 September 2020 16:37:04 AEST

Phishing email claiming to share “secured” document states it “has been scanned for malicious malware”

MailGuard has intercepted a phishing email masquerading as an automated file-sharing notification, designed to harvest your confidential credentials.

The email is titled “SD-019478”, and the address used in its “to:” field is the same as the sender’s email address. It actually originates from a compromised email address. The email body includes a header titled “Adobe Creative Messaging System”. It informs the recipient that a “secured document” has been shared “using Adobe Creative Cloud Service”. A button is provided to open the file.

There is also a footer at the bottom of the email, which informs the recipient that “this email has been scanned for malicious malware by Adobe creative cloud anti-virus”.

Here’s what the email looks like:

[Screenshot: AdobeScam_3009]

Clicking on the link to open the files takes users to a page containing the logo of GetAccept, a sales enablement platform. The domain used in the URL of this page, however, doesn’t belong to GetAccept; it points to a publicly available hosting site. A blurred preview of the supposed file is included on this page, along with links for users to download or view the file, as per below:

[Screenshot: Scam2909_2]

When a user clicks on the file, they are taken to another page and asked to select their email account, either Office365 or other email, as per the below:

[Screenshot: Scam 2909_3]

This is a phishing page that appears to be hosted on either a compromised or newly purchased domain. The phishing page mentions SharePoint, OneDrive and Office 365, but only uses logos and no sophisticated branding. After users select their preferred email account, they are taken to a login form asking for their email address and password. Once these credentials are entered and submitted, the attacker harvests them for later use, and the user is met with an error saying that the credentials are invalid.

We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

Adobe offers a comprehensive online resource to help identify fraudulent communication purporting to be from them. You can also report phishing sites by contacting Adobe directly.

As you can see from the screenshots above, cybercriminals have employed multiple elements to trick recipients. Here are some of them:

  • The email body implies the document is shared via Adobe Creative Messaging System. Adobe is a popular software company whose products are commonly used in businesses. Its good reputation lulls victims into a false sense of security, and with such a large number of users it is an easy and attractive target.

  • The footer at the bottom of the email body ironically claims that the email has been “scanned for malicious malware”. Anti-virus messages like these are common in genuine notifications from established companies like Adobe, thereby boosting the credibility of the email.

  • This email also attempts to intrigue; telling the recipient that a new document has arrived creates a sense of curiosity. This motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, that Adobe’s branding and logos do not appear in the email body, and that the phishing pages do not use domains belonging to either Adobe or Microsoft.

In such cases, users are reminded of the importance of not accepting or clicking on documents from unknown senders, regardless of the organisation they purport to be from. Attachments and links should only be accessed when users are certain about the credibility of their owners.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 
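
Two of the red flags described in this alert, the “to:” address matching the sender and a link that leaves the domains of the brand named in the body, can be checked automatically. The sketch below is an added example, not MailGuard's detection code; the brand allow-list, the function names and the sample message (with placeholder addresses and URL) are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import getaddresses
from urllib.parse import urlparse

# Assumed brand-to-domain allow-list for this sketch; extend with your own.
BRAND_DOMAINS = {
    "adobe": ("adobe.com",),
    "office 365": ("microsoft.com", "office.com", "office365.com"),
}

# Constructed sample modelled on the alert; addresses and URL are placeholders.
SAMPLE = """\
From: Accounts <user@compromised.example>
To: user@compromised.example
Subject: SD-019478

Adobe Creative Messaging System
A secured document has been shared using Adobe Creative Cloud Service.
Open file: https://files.hosting.example/doc/view
This email has been scanned for malicious malware by Adobe creative cloud anti-virus
"""

def _addrs(msg, header):
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def _on_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def red_flags(raw):
    """Return the indicators from the alert that this raw message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    flags = []
    # Indicator 1: the "to:" address is the same as the sender's address.
    if _addrs(msg, "From") & _addrs(msg, "To"):
        flags.append("to-equals-from")
    # Indicator 2: a brand is named but a link points outside its domains.
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", text)}
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text.lower():
            off = sorted(h for h in hosts if not any(_on_domain(h, d) for d in domains))
            flags += [f"{brand}-link-off-domain:{h}" for h in off]
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

The suffix comparison in `_on_domain` matters: a host such as `adobe.com.files.example` contains the brand's domain as a substring but is still reported as off-domain.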

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
