The bait is two documents in storage. The attachment is recognized as clean by sandboxes, but it disables the Windows firewall.
Cybercrime, false invoice for a phishing campaign on Adobe
False invoice for a phishing campaign on Adobe. The “PAYMENT CONFIRMATION.HTML” attachment of the “PAYMENT SLIP” email points to a fake site from which to download the document. Goal: steal passwords
The theft of Adobe credentials is the target of a new invoice-themed phishing campaign.
The “PAYMENT SLIP” email contains the “PAYMENT CONFIRMATION.HTML” attachment, that points to a fake website from which to download the document.
To do so, however, the entry of the Adobe PDF password is required (the username is pre-compiled with the victim’s email address). Any alphanumeric combination entered will be incorrect, but in the meantime the cybercrime actors behind the scam will have stolen all the data digited.