A new phishing attack has been discovered targeting Adobe users. This particular campaign uses an email that purports to be from the non-existent service Adobe Cloud, which informs the targeted individual that they have files to download.
The phishing attack carries all the hallmarks of previously seen campaigns. The email contains brand logos that appear genuine, as well as a URL, which until further inspection, looks like it contains an Adobe domain name.
The next stage of the attack prompts the victim to “Access Your Secured Document,” which subsequently leads them to a login page for Microsoft Office 365, Google, or their email account.
Credential harvesting
If the intended target does enter their details into the login page, they will have unwittingly handed over sensitive information. With the ill-gotten account credentials at their disposal, a cyberattacker can take over accounts belonging to the victim, sending further malicious emails in their name and committing fraudulent activity.
Adobe is far from the only well-known firm to have its brand leveraged as part of a phishing campaign. With the coronavirus pandemic forcing many individuals to work remotely, cyberattackers have decided that now is the time to spread misinformation and embark on a series of malicious campaigns. Recently employed tactics have revolved around the US presidential election and Covid-19 itself.
Although many phishing campaigns are quite sophisticated, there are often clues within malicious emails that reveal their inauthenticity. With the Adobe scam, for example, there is no product known as “Adobe Cloud” in existence. Although the attackers may have been trying to mimic the similarly named Adobe Creative Cloud, the solution is not generally intended as a file-sharing tool.
Via GreatHorn
