Please Sign In to Review
The NJCCIC observed a phishing campaign impersonating Adobe document-completion notices. These phishing emails appear to originate from adobesign[@]adobesign[.]com, the official Adobe Acrobat email address, which the threat actors have likely spoofed. The messages include a link to a counterfeit Microsoft Authentication page. The page presents the user’s organization branding and is designed to harvest the user’s credentials and two-factor authentication (2FA) token, and to retrieve the associated session cookie. This is achieved through the Adversary-in-the-Middle (AitM) technique, which leverages proxy capabilities provided by the Nova Cookies Phishing Kit (an evolution of Smile’s SneakyLog variant).
Recommendations
- Avoid clicking links and opening attachments in unsolicited emails.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Users should only submit account credentials on official websites.
- Maintain robust and up-to-date endpoint detection tools on every endpoint.
- Consider leveraging behavior-based detection tools rather than signature-based tools.
- If you suspect an account has been compromised, change the account’s password immediately and ensure MFA is enabled for all online accounts.
- Review the Don’t Take the Bait! Phishing and Other Social Engineering Attacks NJCCIC product for more information on common phishing and social engineering attacks.
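An added example (not part of the NJCCIC advisory) of a behavior-based check for the session-cookie theft described above: it compares each use of a session with the IP address and user agent recorded when the session was issued. The log layout, event names and sample records are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample records (not from the advisory). The tuple layout and the
# "issued"/"used" event names are assumptions; map them to your own IdP or proxy logs.
# (timestamp, user, session_id, source_ip, user_agent, event)
EVENTS = [
    ("2026-01-01T09:00:05", "alice", "sess-A", "198.51.100.10", "Edge/Windows", "issued"),
    ("2026-01-01T09:04:40", "alice", "sess-A", "198.51.100.10", "Edge/Windows", "used"),
    ("2026-01-01T09:06:12", "alice", "sess-A", "203.0.113.77", "Firefox/Linux", "used"),
    ("2026-01-01T10:15:00", "bob", "sess-B", "198.51.100.22", "Chrome/macOS", "issued"),
    ("2026-01-01T10:45:00", "bob", "sess-B", "198.51.100.23", "Chrome/macOS", "used"),
]


def find_session_replay(events):
    """Flag uses of a session whose IP and user agent both differ from issuance."""
    issued = {}   # session_id -> (issue time, ip, user agent)
    alerts = []
    # Sort by parsed timestamp so out-of-order log lines are handled.
    for ts, user, sid, ip, ua, event in sorted(events, key=lambda e: datetime.fromisoformat(e[0])):
        when = datetime.fromisoformat(ts)
        if event == "issued":
            issued[sid] = (when, ip, ua)
            continue
        if sid not in issued:
            # A cookie with no sign-in on record cannot be judged; surface it separately.
            alerts.append({"user": user, "session": sid, "ip": ip, "reason": "no_issue_record"})
            continue
        issue_time, issue_ip, issue_ua = issued[sid]
        # An IP change alone is common (mobile networks, VPNs); requiring the user
        # agent to change as well keeps benign roaming such as bob's out of the alerts.
        if ip != issue_ip and ua != issue_ua:
            alerts.append({
                "user": user, "session": sid, "ip": ip, "reason": "context_change",
                "seconds_after_issue": int((when - issue_time).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_replay(EVENTS):
        print(alert)
```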
Report malicious cyber activity to the NJCCIC and the FBI’s IC3.
This was published in the NJCCIC Weekly Bulletin on June 4, 2026.

