Stealing corporate credentials is a lucrative industry in the underground markets, and threat actors have been found to go to great lengths to get them. Another gang of fraudsters has been spotted imitating Adobe online services and luring victims with phony notifications.
What Transpired?
According to the researchers, the phishing email message states that a file was shared online using Adobe PDF.
No service by this name exists. However, it is suspected that the phishing emails could be masquerading as real services such as Acrobat Online or Document Cloud.
- The webpage for downloading the shared file looks like an authentication window with a blurred Adobe Acrobat Reader DC interface.
- Despite the blur, the authentication window does not match the EMInvoice R6817-2p[.]pdf file. After the download, the download window displays the file name as Wire Transfer Receipt[.]pdf.
- Furthermore, the word "Invoice" is written all over the blurred document. The file name, however, indicates a receipt, which confirms a payment actually received.
Phishing with PDFs in emails
Malicious PDF attachments in phishing emails feature prominently in several recently reported attacks. There have been many occasions on which attackers have used PDF files to test and exploit victims.
- Recently, the AsyncRAT payload was distributed in a spear-phishing attack that used a well-drafted message. The phishing emails included malicious links as PDF attachments.
- The cybercriminals behind the SolarMarker malware campaign were found to use PDFs in the past month. Those infected PDFs used SEO keywords in order to steal data and passwords.
Phishing emails that spoof the names of well-known software are a common but effective threat to unwary recipients. The danger of infection can be significantly reduced by a standard set of security hygiene measures. Companies can protect themselves by teaching their personnel to recognize phishing attacks. In addition, they can deploy anti-phishing solutions and use anti-phishing security tools.