A new approach to phishing has become popular wherein the attackers sent spam along with PDF attachments. These PDF documents were disguised as documents of a law firm based out of Denver. The email had a download button with a link and when the users clicked on the button, they are were directed to an HTML page which looked similar to the Office 365 form stored in the Microsoft Azure Blob storage solution. The address is a valid Blob address and the site is also marked as secure. The SSL Certificate carried a signature issue by Microsoft IT TLS CA 5.
https://threatpost.com/innovative-phishing-tactic-makes-inroads-using-azure-blob/138183/
Yingyan Wang says
Hi Satwika,
Thank you for sharing good article to remind us that the new PDF phishing approach. There are too many types of phishing which require users to have sufficient awareness to keep themselves away from data leakage. It is good to read this kind of article to stay current and be aware of the new attack approach.