Phishers are targeting Office 365 users by exploiting Adobe Cloud

2022-01-13 14:22

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns.

This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe's apps are designed to foster collaboration by sharing documents.

The attack is simple, really: the phishers create/import and host on Adobe Cloud an official-looking PDF pointing to a classic credential harvesting page hosted outside the Adobe suite.

Then they share the document with the victims, who get a legitimate email from Adobe, saying that a document has been shared with them.

The attackers are taking advantage of the trust that email security solutions place in Adobe, Fuchs noted.

While users whose first language isn't English might not notice that, everybody should definitely find suspicious the fact that the fake Office 365-themed login page is hosted on Weebly.

News URL

https://www.helpnetsecurity.com/2022/01/13/phishers-adobe-cloud/

#adobe #cloud #office #office365 #phisher

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Adobe		164	61	1919	820	2135	4935