Example of the Adobe Acrobat lure page seen by Proofpoint researchers.

Threat Alert: Adobe URLs Lead to Credential Phishing Sites

• Recent phishing emails appearing to originate from “Ashford Environmental Services" contain legitimate Adobe Acrobat URLs.
• Following the URLs leads to a preview of a Microsoft SharePoint-branded document hosted on Adobe Acrobat. The document preview contains a button with the text “PREVIEW DOCUMENT HERE”.
• Clicking on the button leads to a Microsoft credential-harvesting site hosted at the website subzr[.]xyz.

Key Action: Report Suspicious Emails 

• Keep in mind that cybercriminals regularly abuse legitimate services like Adobe Acrobat. Abusing legitimate services gives cybercriminals and their lures an additional air of legitimacy.
• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link and provide credentials. It can be tempting to click on a “call-to-action.” macros” unless you are certain a file is safe. These actions can expose you to malware.
• Report ANY suspicious emails using the Phish Alarm button.