Posts tagged "Phishing"

How Adobe Helps Protect You from Email Phishing

Email has always been a tool of choice for cybercriminals. By capitalizing on an established company’s brand reputation, they can send emails with malicious intent (links, attachments, phishing, etc.) and trick people into trusting them. Adobe’s own brand reputation has been leveraged in the past for such schemes.

To protect our customers from potential confusion or victimization, we embarked on a project to help ensure that emails you receive from Adobe come from verified and authenticated senders, limiting the likelihood of brand impersonation that could harm our customers.

So, how exactly do we ensure that our emails appear to our customers as coming from an authenticated sender? We first moved to implement email authentication technologies such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, & Conformance) policies in our email ecosystem. To begin, we needed to identify our Adobe-owned domains. Through this process, we identified that Adobe owned a very large number of domains. After collecting traffic data for these domains, we carefully analyzed it. Next, we made the necessary adjustments to SPF and/or DKIM records for each identified domain to improve our email authentication pass rate, help protect Adobe-owned domains, and better ensure that emails received by customers on behalf of Adobe are genuine.

Through this journey, we identified and overcame a few hurdles:

  • Integrating our third-party service providers into this program;
  • Managing domain owners in a dynamic environment;
  • Implementing a complex process to ensure emails were sent compliant with SPF/DKIM and achieve an acceptable DMARC pass rate (usually greater than 97-99%), in order to move to a quarantine and finally to a reject policy;
  • Developing new domain onboarding policies with multiple stakeholders.
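The pass-rate gate behind the third hurdle, as an added example that is not Adobe's code: it evaluates DMARC alignment over constructed aggregate-report rows and only suggests tightening the policy one step once the rate clears a 97% threshold. The row layout, `example.com` and the `.invalid` domains are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Row:
    count: int          # messages the receiver saw from this source
    header_from: str    # RFC5322.From domain the policy is evaluated for
    spf_domain: str     # MAIL FROM domain SPF was checked against
    spf_result: str     # "pass" / "fail" / "none"
    dkim_domain: str    # d= of the verified DKIM signature, "" if none
    dkim_result: str    # "pass" / "fail" / "none"

def org_domain(domain: str) -> str:
    # Simplified organizational domain (last two labels); production code
    # would consult the Public Suffix List instead.
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(auth_domain: str, header_from: str, strict: bool = False) -> bool:
    # DMARC identifier alignment: strict needs an exact match, relaxed
    # (the default) accepts any host under the same organizational domain.
    if strict:
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def dmarc_pass(row: Row) -> bool:
    # A message passes DMARC if either SPF or DKIM passes AND is aligned.
    spf_ok = row.spf_result == "pass" and aligned(row.spf_domain, row.header_from)
    dkim_ok = row.dkim_result == "pass" and aligned(row.dkim_domain, row.header_from)
    return spf_ok or dkim_ok

def pass_rate(rows) -> float:
    total = sum(r.count for r in rows)
    return sum(r.count for r in rows if dmarc_pass(r)) / total if total else 0.0

def recommend_policy(rate: float, current: str = "none", threshold: float = 0.97) -> str:
    # Tighten p= one step at a time, and only once the rate clears the bar.
    steps = ["none", "quarantine", "reject"]
    i = steps.index(current)
    return steps[min(i + 1, 2)] if rate >= threshold else current

# Constructed sample: first-party mail, a third-party sender signing with an
# aligned DKIM key, a subdomain relying on relaxed SPF alignment, and a
# spoofer that fails everything.
SAMPLE = [
    Row(9000, "example.com", "example.com", "pass", "example.com", "pass"),
    Row(600, "example.com", "bounce.esp-vendor.invalid", "pass", "example.com", "pass"),
    Row(250, "example.com", "mail.example.com", "pass", "", "none"),
    Row(150, "example.com", "spoofer.invalid", "fail", "", "none"),
]
```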

We continue to invest in sending “takedown” notices whenever possible for domains that we find are being used to send malicious emails or host phishing websites that impersonate our brands. There has also been a recent upswing in targeted spear phishing attacks as cybercriminals evolve and try different tactics. We continue to work to protect Adobe and our customers against this next generation of threats to Adobe’s email authenticity and its deliverability. If you do receive an email that you suspect is phishing, please forward it to us at for investigation. These external reports help us to continuously improve our approach.

Vivek Malik
Security Analyst

Marcail Kennedy
Manager, Messaging Services

How We Work to Protect our Brand and Users 

A recent report by Citizen Lab uncovered that commercial spyware was used to trick users into thinking it was a legitimate Adobe Flash Player update. Unfortunately, this malicious download took Flash Player and repackaged it to include spyware. We have contacted the relevant service providers to request that the systems used to support these activities (e.g., email accounts and domain names) be suspended. Make no mistake, these activities are illegal and Adobe actively works to protect its users against such deceptive and harmful malware.

Adobe Flash Player is one of the most ubiquitous and widely distributed pieces of software in the world, and as such, can be a target of malicious activity. We take the security of our products, technologies and customers very seriously. Protecting Adobe’s trademarks from this type of abuse is vital to our brand and our users. Adobe commits considerable time and resources to these efforts — even participating within the Internet governance processes before the Internet Corporation for Assigned Names and Numbers (ICANN) to help develop, among other things, rights protection mechanisms (RPMs) aimed at safeguarding brand owners and their users from this very type of abuse.

It’s important to note that the spyware does not affect Adobe products and services. The repackaged software is a completely separate process on the victim’s machine. The Adobe brand is merely used for social engineering purposes.

Adobe continually works with our partners to help protect users from malicious downloads and to remove the need for users to manually update Flash Player. For instance, with Google Chrome browser, Flash Player updates are seamlessly delivered via the Chrome auto-updater on all operating systems. For users who prefer to manually update software, the latest version can be found here: 

We encourage customers and other members of the security community to report new vulnerabilities, abuse and misuse directly to Adobe via the Security Alert Us page.

We’re grateful for the work of groups such as Citizen Lab and ICANN, and will continue to support their efforts.

Brad Arkin
Chief Security Officer (CSO)

Do You Know How to Recognize Phishing?


By now, most of us know that the email from the Nigerian prince offering us large sums of money in return for our help to get the money out of Nigeria is a scam. We also recognize that the same goes for the email from our bank that is laden with spelling errors. However, phishing attacks have become more sophisticated over the years, and for the most part, it has become much harder to tell the difference between a legitimate piece of communication and a scam.

In recognition of National Cyber Security Awareness Month, we asked a nationally representative sample of ~2,000 computer-owning adults in the United States about their behaviors and knowledge when it comes to cybersecurity. This week, we’ll share some of the insights from our survey related to phishing—as well as resources and tips on how you can better protect yourself from falling victim to phishing attacks.

What is phishing?

Phishing is a form of fraud in which the attacker tries to obtain information such as login credentials or account details by masquerading as a legitimate, reputable entity or person in email, instant messages (IMs) or other communication channels. Examples would be an email from a bank that is carefully designed to look like a legitimate message but that comes from a criminally motivated source, a phone message claiming to be from the Internal Revenue Service (IRS) threatening large fines unless you immediately pay what you supposedly owe, or the email from the Nigerian prince pleading for your compassion and promising a large reward. Attackers typically create these communications in an effort to steal money, personal information, or both. Phishing emails or IMs are typically designed to make you click on links or open attachments that look authentic but are really there to install malware on your machine or to capture your credit card number in a form on the attacker’s site.

So do YOU know how to recognize phishing?

For the purpose of this blog post, we’ll focus on phishing emails as the attacker’s choice of communication. According to our survey, 70 percent of adults in the United States believe they can identify a phishing email. That percentage rises to 80 percent among Millennials.[i] Yet nearly four (4) in 10 people believe they have been victims of phishing. This goes to show that it’s not as easy to detect phishing emails as it may sound! Here are six tips to help you identify whether you’ve received a “phishy” email:

1. The email urges you to take immediate action

Phishing emails often try to trick you into clicking a link by claiming that your account has been closed or put on hold, or that there’s been fraudulent activity requiring your immediate attention. Of course, it’s possible you may receive a legitimate message informing you to take action on your account. To be safe, don’t click on the link in the email, no matter how authentic it appears to be. Instead, log into the account in question directly by visiting the appropriate website, then check your account status.

2. You don’t recognize the email sender

Another common way to identify a phishing email is if you don’t recognize the email sender. Two-thirds of those individuals we surveyed who believe they can identify a phishing email noted a top indicator to be whether or not they recognized the sender. However, our survey results also show that despite the warning signs, more than four (4) in 10 U.S. adults will still open the email—and among those, nearly half would click on a link inside—potentially putting themselves at risk.

3. The hyperlinked URL is different from the one shown

The hyperlink text in a phishing email may include the name of a legitimate bank. But when you hover the mouse over the link (without clicking on it), you may discover in a small pop-up window that the actual URL differs from the one displayed and that it doesn’t contain the bank’s name. Similarly, you can hover your mouse over the address in the “From” field to see if the website domain matches that of the organization the email is supposed to have been sent from.
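The hover check from tip 3, automated as an added example that is not part of the original post: it parses an HTML message and reports links whose visible text names a different organizational domain than the real href target. The sample message and its domains are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a host name inside the link's visible text.
HOST_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

def org_domain(host: str) -> str:
    # Last two labels; production code would use the Public Suffix List.
    return ".".join(host.lower().rsplit(".", 2)[-2:])

def host_of(href: str) -> str:
    # Accept bare "www.example.com/x" as well as full URLs.
    if "://" not in href:
        href = "http://" + href
    return (urlparse(href).hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html: str):
    """Return (shown_text, real_host) for links whose visible text names a
    host outside the organizational domain the href really points to."""
    parser = LinkCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        m = HOST_RE.search(text)
        real = host_of(href)
        if m and real and org_domain(m.group(1)) != org_domain(real):
            found.append((text, real))
    return found

# Constructed sample: a lure whose link text shows the bank's own host but
# whose href goes to a look-alike domain, plus a genuine link.
SAMPLE = ('<p>Your account is on hold. Log in at '
          '<a href="http://login.examplebank-verify.invalid/x">www.examplebank.com/login</a> '
          'or read our <a href="https://www.examplebank.com/faq">FAQ</a>.</p>')
```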

4. The email in question has improper spelling or grammar

This is one of the most common signs that an email isn’t legitimate. Sometimes, the mistake is easy to spot, such as “Dear Costumer” instead of “Dear Customer.”

Other mistakes might be more difficult to spot, so make sure to look at the email in closer detail. For example, the subject line or the email itself might say “Health coverage for the unemployeed.” The word “unemployed” isn’t exactly difficult to spell, and any legitimate organization should have editors who review marketing emails carefully before sending them out. So when in doubt, check the email closely for misspellings and improper grammar.

5. The email requests personal information

Reputable organizations don’t ask for personal customer information via email. For example, if you have a checking account, your bank already knows your account number.

6. The email includes suspicious attachments

It would be highly unusual for a legitimate organization to send you an email with an attachment, unless it’s a document you’ve requested or are expecting. As always, if you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware.

What to do when you think you’ve received a phishing email

Report potential phishing scams. If you think you’ve received a phishing email from someone posing as Adobe, please forward that email to, so we can investigate.

Google also offers online help for reporting phishing websites and phishing attacks. And last but not least, the U.S. government offers valuable tips for protecting yourself from phishing scams as well as an email address for reporting scams:

So while the Nigerian prince has become a lot more sophisticated in his tactics, there is a lot you can do to help protect yourself. Most importantly, trust your instincts. If it smells like a scam, it might very well be a scam!

[i] Millennials are considered individuals who reached adulthood around the turn of the 21st century. If you are in your mid-30s today, you are considered a Millennial.