Attackers impersonate Adobe to extract sensitive credentials
Cybersecurity firm Armorblox said it had stopped an Adobe personification attack that bypassed native Microsoft 365 email security.
The phishing message would have landed in the inboxes of over 2,300 end users, the company said. It deployed the GPT-powered email security software to stop the attack.
The attackers managed to bypass native Microsoft 365 email security. They purported to send through legal documents from a compromised third-party account, “ likely targeting an end user that is frequently in communication with this trusted contact.”
“Specifically targeting Adobe Acrobat, a popular tool for handling PDF files, the attackers aimed to trick users into willingly disclosing their login credentials in order to view the awaiting document,” Armorblox said.
The landing page that attackers wanted to navigate victims to resembled a landing page for Adobe File Sharing.
“The inclusion of the legitimate Adobe File Sharing logo brings a sense of trust that this landing page is used for the exact purpose that unsuspecting victims are being navigated here for, with the intention of extracting sensitive user credentials across all main native email security: Microsoft 365, Microsoft Outlook, and others,” the company said.
Last year, brand impersonification attacks increased by 74%.