Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Microsoft login credentials stolen.
The elaborate phishing campaign behind these attacks is much more convincing than normal, as it uses compromised email accounts to find and attack new targets. These accounts are used to send phishing emails to existing contacts, using the sender’s real email signature footer.
One of the phishing emails, which links to a document shared on Autodesk Drive. The sender later confirmed their account had been compromised.
As was the case in this example, victims are much more likely to click on a shared document link when the email comes from a person or business they already work with, especially when the email is furnished with the signature and other contact details they would expect to see.
The link takes the victim to a PDF document hosted on the Autodesk Drive data sharing platform. This document includes the sender’s name and the company they work for, further leveraging the trust instilled by the existing business relationship with the sender.
The malicious PDF file hosted on Autodesk Drive.
The links in the phishing emails use the autode.sk URL shortener, which is powered by Bitly. Autodesk Drive is intended for sharing design files in the cloud, and supports a variety of 2D and 3D data files including PDFs. It is free to use when subscribing to other Autodesk products.
When the victim clicks on the large VIEW DOCUMENT button, they will be taken to a phishing site that impersonates the Microsoft login form.
One of
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.