Autodesk Drive Used in Microsoft Phishing Scams

Penka Hristovska
Penka Hristovska Senior Editor
Penka Hristovska Penka Hristovska Senior Editor

A new phishing campaign is targeting corporate users via compromised email accounts to distribute PDF files hosted on Autodesk Drive, according to cybersecurity firm Netcraft.

In the incidents reported, hackers sent out phishing emails to contacts already in the account, and even mimic the original senders’ signature footers, including the sender’s name and company name to make the email look more believable.

Netcraft notes that “victims are much more likely to click on a shared document link when the email comes from a person or business they already work with, especially when the email is furnished with the signature and other contact details they would expect to see.”

The body of the email includes a shortened link leading to a malicious PDF on Autodesk Drive.

“The links in the phishing emails use the autode.sk URL shortener, which is powered by Bitly. Autodesk Drive is intended for sharing design files in the cloud, and supports a variety of 2D and 3D data files including PDFs. It is free to use when subscribing to other Autodesk products,” Netcraft explains.

When recipients click on the link to try and open the document, they’re directed to a phishing page that asks for their Microsoft account username and password. Once a victim enters their credentials, they are redirected to a document on OneDrive about real estate investment, disguising the fact that their login details have just been stolen.

“Armed with victims’ Microsoft credentials, the criminals behind these attacks could gain unauthorized access to sensitive company data, as well as being able to send even more phishing emails from the compromised Microsoft accounts,” Netcraft notes.

The cybersecurity firm adds that attackers have tailored their attacks to different countries and regions, too, as shown by malicious PDFs in various languages on Autodesk Drive.

“The scale of these attacks and the use of customized PDF documents suggests some degree of templating and automation, leading to a series of well-targeted compromises that has the potential to spread worldwide like a virus,” Netcraft says.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment