In the midst of the current COVID-19 pandemic, it's common for employees working remotely to share business documents with one another via email. It looks like cybercriminals are increasingly exploiting that trend.
MailGuard has intercepted a phishing email masquerading as a new document sharing notification that is designed to harvest your confidential credentials.
The email is titled “SD-0035890”, which is supposedly the name of the file being shared. The To: field includes the sender’s email address. The email actually originates from a compromised email address.
The email body includes a header titled “Adobe Creative Messaging System,” along with the words “Project Corporation Construction” – all in capital letters. It informs the recipient that a “secured document” has been shared “using Adobe Creative Cloud Service”. A button is provided to open the file, which is titled “SD-0035890.pdf”.
There is also a footer at the bottom of the email, which informs the recipient that “this email has been scanned for malicious malware by Adobe creative cloud anti-virus”.
Here is what the email looks like:
Clicking on the link to open the file takes users to a page containing the logo of GetAccept, a sales enablement platform. A blurred preview of the supposed file is included, along with links for users to download or view the file, as per below:
When a user clicks on the file, they are taken to another page and asked to select their email account, either Office 365 or other email. Once users select their preferred email account, they are taken to a login form, as per the below:
After entering their email address and password to log in, users are finally redirected to the Google homepage.
We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.
As you can see from the screenshots above, cybercriminals have employed multiple elements to trick recipients. Here are some of them:
- The email body implies the document is shared via Adobe Creative Messaging System. Adobe is a popular software company whose products are commonly used in businesses. Its good reputation lulls victims into a false sense of security, and with such a large number of users it is an easy and attractive brand for scammers to imitate.
- The footer at the bottom of the email body ironically claims that the email has been “scanned for malicious malware”. Anti-virus messages like these are common in genuine notifications from established companies like Adobe, thereby boosting the credibility of the email.
- This email also attempts to intrigue; telling the recipient that a new document has arrived creates a sense of curiosity. This motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.
Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that Adobe’s branding and logos do not appear in the email body.
In such cases, users are reminded of the importance of not accepting or clicking on documents from unknown senders, regardless of the organisation they purport to be from. Attachments and links should only be accessed when users are certain about the credibility of their owners.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
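Several of the red flags above can be checked mechanically before a message reaches a user. The following Python function is an added example, not MailGuard's detection logic: it tests a plain-text message for the sender's address appearing in the To: field, a missing recipient name, and a brand claim whose links point away from that brand's domain. The brand-to-domain map, the sample message, its addresses and link host, and the recipient name are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Assumption: brands named in a message, mapped to domains they legitimately link to.
BRAND_DOMAINS = {"adobe": ("adobe.com",)}

# Constructed sample modelled on the email described above; addresses and link host are placeholders.
SAMPLE = """\
From: Accounts <accounts@supplier.example>
To: accounts@supplier.example
Subject: SD-0035890

ADOBE CREATIVE MESSAGING SYSTEM
PROJECT CORPORATION CONSTRUCTION
A secured document has been shared using Adobe Creative Cloud Service.
Open SD-0035890.pdf: https://files.sharing-host.example/view/SD-0035890
This email has been scanned for malicious malware by Adobe creative cloud anti-virus
"""

def link_hosts(text):
    """Lowercase hostnames of every http(s) link in the text."""
    return [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", text)]

def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one (suffix match on a dot boundary)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw, recipient_name):
    """Return the red flags from the article that a plain-text message exhibits."""
    msg = message_from_string(raw)
    body = msg.get_payload().lower()
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    to_addrs = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if sender and sender in to_addrs:
        flags.append("sender_in_to_field")
    if recipient_name.lower() not in body:
        flags.append("not_addressed_by_name")
    hosts = link_hosts(body)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in body and any(not host_in(h, domains) for h in hosts):
            flags.append(brand + "_claim_with_off_brand_link")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE, "Jordan"))
```

The suffix match on a dot boundary matters: a host such as `adobe.com.evil.example` contains the brand's domain but does not belong to it, so it is still flagged.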
Don't get scammed
If your company’s email accounts aren’t protected, emails like these are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.