Skip to main content

Phishing Campaign Uses Fake Adobe Document Cloud Application to Steal Microsoft Credentials

A cyber crime group is using a fake web application masquerading as the Adobe Document Cloud in order to steal credentials for Microsoft Office 365 and Outlook.

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

A cyber crime group is using a fake web application masquerading as the Adobe Document Cloud in order to steal credentials for Microsoft Office 365 and Outlook.


Threat details

Introduction

The Curated Intelligence group have identified a phishing campaign that is targeting UK organisations and is aimed at stealing Microsoft Office 365 and Outlook credentials. The phishing emails suggest the user has received a shared, faxed, or encrypted document.

Once clicked, the user is directed to a fake Adobe Document Cloud web application that is designed to steal email credentials for Microsoft Office 365 or Outlook. These credentials are then used for business email compromise which can allow an attacker to set up forwarding rules, intercept email conversations, steal sensitive data, or carry out fraudulent exchanges.


Remediation steps

Type Step
Guidance

Organisations are advised to read the Curated Intelligence article and to block any outbound traffic to the following domain:

runn1rnl8xzmqeh0kvov[.]web[.]app​​​​​

 

Note: The Secure Boundary service has already implemented this blocking rule and therefore, any traffic that routes through Secure Boundary is already protected.



Last edited: 7 March 2022 2:51 pm