A new phishing campaign leveraging Autodesk Drive has come to light, targeting corporate users through seemingly legitimate PDF files. Cybersecurity experts at Netcraft have uncovered that attackers are exploiting compromised email accounts to disseminate phishing emails. These emails contain links to malicious PDF documents hosted on Autodesk Drive, cleverly using the sender’s name and company details to enhance authenticity.
The phishing attack is designed to capture Microsoft account credentials by redirecting victims to fake login pages. Once the credentials are obtained, attackers gain unauthorized access to sensitive company data and can perpetrate further phishing attacks from the compromised accounts.
This campaign demonstrates sophisticated social engineering tactics, utilizing the trusted Autodesk Drive platform to bypass typical security measures. The attack’s customization across multiple regions and languages suggests a well-coordinated effort aimed at a broad set of targets, indicating potential for widespread impact.
Further Reading:
- Learn more about the details of this campaign from Netcraft’s analysis
- For insights into preventing such phishing attacks, read Phishing Attacks: Best Practices for Not Taking the Bait
- Explore how Autodesk responds to security concerns on their official security page