MailGuard has intercepted a phishing email masquerading as an automated file-sharing notification, designed to harvest your confidential credentials.
Titled “SD-019478”, the email address used in its “to:” field is the same as the sender’s email address. It actually originates from a compromised email address. The email body includes a header titled “Adobe Creative Messaging System”. It informs the recipient that a “secured document” has been shared “using Adobe Creative Cloud Service”. A button is provided to open the file.
There is also a footer at the bottom of the email, which informs the recipient that “this email has been scanned for malicious malware by Adobe creative cloud anti-virus”.
Here’s what the email looks like:
Clicking on the link to open the files takes users to a page containing the GetAccept logo, which is a sales enablement platform. The domain used in the URL of this page however, doesn’t belong to GetAccept, but points to a publicly available hosting site. A blurred preview of the supposed file is included in this page, along with links for users to download or view the file, as per below:
When a user clicks on the file, they are taken to another page and asked to select their email account, either Office365 or other email, as per the below:
This is a phishing page that appears to be hosted on either a compromised or newly purchased domain. The phishing page mentions Sharepoint, OneDrive and Office 365, but only uses logos and no sophisticated branding. After users select their preferred email account, they are taken to a login form asking for their email address and password. Once these credentials are entered and submitted, the attacker harvests them for later use, and the user is met with an error saying that the credentials are invalid.
We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.
Adobe offers a comprehensive online resource to help identify fraudulent communication purporting to be from them. You can also report phishing sites by contacting Adobe directly.
As you can see from the screenshots above, cybercriminals have employed multiple elements to trick recipients. Here are some of them:
Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s in-authenticity. These include the fact that the email doesn’t address the recipient directly, that Adobe’s branding and logos do not appear in the email body, and the phishing page do not use domains belonging to either Adobe or Microsoft.
In such cases, users are reminded of the importance of not accepting/clicking on documents from unknown senders, despite the organisation they purport to be from. All attachments/links should only be accessed when users are certain about the credibility of their owners.
As a precaution, MailGuard urges you not to click links within emails that:
Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.