ITWire reported:
Cloud email security provider MailGuard is warning businesses to be on high alert after intercepting a widespread phishing campaign “masquerading as a OneDrive shared document notification, which ultimately redirects to a fake Adobe login page designed to steal user credentials”.
According to MailGuard, the threat, first detected by MailGuard’s AI-driven filter network, uses simple HTML emails to trick users into believing they’ve received a legitimate contract document via Microsoft OneDrive - and victims who click the embedded "View Document" button are redirected not to Microsoft, but to a counterfeit Adobe page hosted on a suspicious domain.
The scam campaign is being distributed via compromised infrastructure using the domain `preferred-press.com`. Email subjects typically include document-sharing language and references such as “Contract Form 6122025\_2JD01” or “PO 6122025”. Sender display names are dynamically generated to mimic customer domains, with actual email addresses made up of random characters.
Common subject lines include:
Cloud email security provider MailGuard is warning businesses to be on high alert after intercepting a widespread phishing campaign “masquerading as a OneDrive shared document notification, which ultimately redirects to a fake Adobe login page designed to steal user credentials”.
According to MailGuard, the threat, first detected by MailGuard’s AI-driven filter network, uses simple HTML emails to trick users into believing they’ve received a legitimate contract document via Microsoft OneDrive - and victims who click the embedded "View Document" button are redirected not to Microsoft, but to a counterfeit Adobe page hosted on a suspicious domain.
The scam campaign is being distributed via compromised infrastructure using the domain `preferred-press.com`. Email subjects typically include document-sharing language and references such as “Contract Form 6122025\_2JD01” or “PO 6122025”. Sender display names are dynamically generated to mimic customer domains, with actual email addresses made up of random characters.
Common subject lines include:
- You received Contract Form 6122025\_2JD01
- A share file via OneDrive, or
- PO 6122025
Find the original article here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat