As part of the observed incidents, the attackers use compromised email accounts to send phishing emails to existing contacts, and even use the senders’ signature footers, so that their messages appear legitimate.
In the message body, the attackers have included a shortened link to a malicious PDF hosted on the Autodesk Drive data sharing platform, which also includes the sender’s name and their company’s name, to further increase the sense of legitimacy.
When the recipient attempts to view the document, they are taken to a phishing page and asked to provide their Microsoft account username and password.
