Cloudmark reports fake Acrobat spam tapping users for credit card details

This curious strategy, says the anti-spam specialist, is a ruse to steal users credit (and debit) card details.

The emails look genuine enough, adds the firm, as they route to a URL that Adobe in its domain name, but the link routes to a malicious site requesting payment card data.

"Our samples, as well as reports elsewhere, show this scam being sent by otherwise legitimate email service providers (ESP)", says Jamie Tomasello, Cloudmark's director of security operations in her latest security blog.

Tomasello also cites research from MX Lab as reporting that Mailchimp has been victimised this way in the past, whilst Exact Target was a source quite recently.

This latest batch of emails comes from SilverPop, the US e-marketing firm, says Cloudmark, noting that Adobe is aware of these campaigns and has been advising recipients to delete these messages upon receipt and, if required download the update directly from http://get.adobe.com/reader/.

Infosecurity notes that the Adobe/SilverPop emails were also spotted by security researcher Brian Krebs.

As reported yesterday by Infosecurity, as part of his research into what turned out to be the Epsilon database hack Krebs contacted SilverPop because a source forwarded a junk email message which appears to have been sent directly from the firm's internal email systems.

"The missive is an offer to download Adobe Reader, and recipients who click the included link are brought to a page that tries to charge them for the free software. This approach is almost identical to the scam emails sent out directly after the successful attacks against email services providers in November of last year", he said.

"My initial reporting on this attack against the email service provider industry indicates that most of the providers in the industry had client customer data stolen", he added.

What’s Hot on Infosecurity Magazine?