A new phishing campaign is targeting corporate users via compromised email accounts to distribute PDF files hosted on Autodesk Drive, according to cybersecurity firm Netcraft.
In the incidents reported, hackers sent out phishing emails to contacts already in the account, and even mimic the original senders’ signature footers, including the sender’s name and company name to make the email look more believable.
Netcraft notes that “victims are much more likely to click on a shared document link when the email comes from a person or business they already work with, especially when the email is furnished with the signature and other contact details they would expect to see.”
The body of the email includes a shortened link leading to a malicious PDF on Autodesk Drive.
“The links in the phishing emails use the autode.sk URL shortener, which is powered by Bitly. Autodesk Drive is intended for sharing design files in the cloud, and supports a variety of 2D and 3D data files including PDFs. It is free to use when subscribing to other Autodesk products,” Netcraft explains.
When recipients click on the link to try and open the document, they’re directed to a phishing page that asks for their Microsoft account username and password. Once a victim enters their credentials, they are redirected to a document on OneDrive about real estate investment, disguising the fact that their login details have just been stolen.
“Armed with victims’ Microsoft credentials, the criminals behind these attacks could gain unauthorized access to sensitive company data, as well as being able to send even more phishing emails from the compromised Microsoft accounts,” Netcraft notes.
The cybersecurity firm adds that attackers have tailored their attacks to different countries and regions, too, as shown by malicious PDFs in various languages on Autodesk Drive.
“The scale of these attacks and the use of customized PDF documents suggests some degree of templating and automation, leading to a series of well-targeted compromises that has the potential to spread worldwide like a virus,” Netcraft says.