protectedinvoicescamIt’s another phish, today. This one claims to be from “Adobe Billing” and asks you to open the attached invoice. The catch is that the invoice – labeled as a Microsoft Word .doc – appears “protected” and instructs you to enable macros in order to view it.

For those less savvy readers, macros are basically shortcuts that allow one command to execute a set of operations. If you were to enable macros for this scam’s payload, you would potentially allow it to execute any number of malicious operations.

2014-06-03_1256On top of that, there are some warning signs. First, invoices are normally sent as PDFs if anything (and PDFs are Adobe’s own tech; they wouldn’t send you an invoice using a Microsoft file). Any time you get a .doc attachment from an unconfirmed sender or unsolicited email, beware. Second, the email includes improperly-used HTML tags and is very terse and awkwardly written for something that purports to be a business email. After all, this is the company that gave you Adobe Reader which is very professional (even if they need to update every ten minutes).

Despite that, the sender was able to successfully spoof an Adobe email address, so this just goes to show you not to automatically trust the sender. As with all phishing scams, we advise you to delete this email if it lands in your inbox.