Phishing scam masquerades as Adobe upgrade

Phishing scam masquerades as Adobe upgrade

March 31, 2011 8:35 AM PDT

by

Phishers use all kinds of come-ons to lure their victims. But one persistent piece of spam tries to trick people by offering an upgrade to Adobe Acrobat. 

Detailed by security provider Cloudmark in a blog posted yesterday, this type of advertising spam e-mails users a notice to upgrade to the new Adobe Acrobat Reader. Those who click on the link are directed to a Web site touting the benefits of the software.

The Web site domain name contains the word “adobe,” says Cloudmark, as an attempt to give it some kind of legitimacy. But of course, it’s just another malicious site designed to capture personal information.

Once on the phony site, the user is prompted to provide contact details and credit card information, which naturally then fall into the hands of the cybercrooks behind this scam.

This particular spam campaign is hardly new, according to Cloudmark. Security vendor MX Lab picked up on it last July and then again in September, all with the same message and intent.

In September, MX Lab reached out to MailChimp, the e-mail service provider that the spammers used to send out their messages. Once alerted, MailChimp suspended the account. But the recent outbreak of the same scam shows that cybercrooks can easily move from one provider to another.

Adobe is aware of this particular Adobe Reader upgrade scam and has in the past cautioned people to watch out for it.

Of course, Adobe Reader is a free product, so the request for credit card information should be a tip-off that something’s not right here. But the phony Web site does describe the product as offering the ability to create and edit PDF files, something only available in the paid version of Acrobat. So some people who want the full product could be fooled. And as with most scams, the bad guys come out ahead even if only a tiny percentage of unsuspecting users swallow the bait.

Tags: , , , , , ,