Hackers have a clever new way to steal your login details – Don’t open this PDF!

How hackers are exploiting Adobe Creative Cloud to steal credentials
© Andrey Popov | Dreamstime.com

Adobe has an extensive suite of apps used by businesses and regular internet users. One of the most popular is Acrobat Reader, which allows you to view PDF files. Here’s a safe way to sign PDFs and convert them to different formats.

Adobe Acrobat Reader is a free app, and while there are competitors, the millions of downloads over its 28-year existence have made it the default application. It has become synonymous with the PDF file format, but it’s not without problems.

Now cybercriminals have come up with a clever way of stealing credentials. Read on to find out how they’re doing it and ways to avoid falling victim.

Here’s the backstory

Acrobat Reader is part of a bundled offering from Adobe, called Creative Cloud. It is an application where you can access other programs, share files with collaborators, and create new documents.

The sharing aspect is a prominent feature used by companies. When a document is worked on or needs an extra pair of eyes, it’s easy for a user to send it to a recipient. The receiver will get an email that the document has been shared with them, and it includes a link to where it can be found.

PDF stealing link
Credit: Avanan

But according to cybersecurity company Avanan, it is these collaboration tools that hackers are exploiting. First noticed towards the end of last year, hackers create Adobe accounts and import PDF files.

Here’s how the thieves pull off the ruse. First, they create a malicious PDF and post it on the official Adobe platform. Then they send an email to potential victims that will include a link to the PDF file.

Since the email comes from the official Adobe platform, recipients don’t have their guard up. If they open the PDF, they are redirected to a site that asks for their login credentials. If they sign in, they’re handing them over to criminals.

In a blog post about the fake files and redirects, Avanana explained that it often bypasses the authentication checks from email providers. 

Typically when such an email is delivered to a victim, it looks like a real Adobe mail. In all aspects, it is, but the link that needs to be clicked to view the file has been tampered with. It directs users to a malicious page and requests that they log in to view the document.

PDF signon page
Credit: Avanan

There have already been more than 400 attacks of this kind in January.

What you can do about it

You can do several things to make sure that you don’t fall victim to this attack. Here are some suggestions:

  • Make sure that you know who sent the document to you. Scrutinize the sender’s email address, and if it doesn’t look familiar to you or has no bearing on your work, it could be a hacker.
  • As with any email, never click on links or open attachments if you don’t know the sender.
  • If you do know the person who sent the email, check that any links in an email or a document goes to the right webpage. Hover your cursor over the link, and a preview of the destination will be visible in the bottom left corner of your browser.
  • Have trustworthy antivirus software on all of your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com.

Keep reading

Scam warning: Think twice before you click that Google Docs notification

Use Photoshop, Acrobat, or another Adobe product? You need to update now

Tags: Adobe, antivirus software, attacks, cybercriminals, cybersecurity, files, Google, Google Docs, hackers, login credentials, Photoshop, scam warning, security, software, update