Saturday, March 3, 2012

Fake Adobe Email

Bastards. I got an email from "enews@2012-acrobat-reader-upgrade.com" that looked fake. Supposedly Adobe came out with a new version of Acrobat and they sent me a personal email to upgrade. Clicking on the link brings you to a website with a big "Download" button. The URL of the website is http://www.2012-acrobat-reader-upgrade.com/. Once I saw that the website did not end with adobe.com, I was certain it was fake. Checking with the real Adobe website confirmed that they were still on version 10.

Looking up the domain on WHOIS returned the following:
Domain name: 2012-ACROBAT-READER-UPGRADE.COM
Name Server: ns3.nic.ru
Name Server: ns4.nic.ru
Name Server: ns8.nic.ru
Creation Date: 2012.03.03

Status: DELEGATED

Registrant ID: 9MUT6ZC-RU
Registrant Name: Thomas Anderson
Registrant Organization: Thomas Anderson
Registrant Street1: 2039 Avenue Street
Registrant City: Sydney
Registrant State: NSW
Registrant Postal Code: 1002
Registrant Country: AU

Administrative, Technical Contact
Contact ID: 9MUT6ZC-RU
Contact Name: Thomas Anderson
Contact Organization: Thomas Anderson
Contact Street1: 2039 Avenue Street
Contact City: Sydney
Contact State: NSW
Contact Postal Code: 1002
Contact Country: AU
Contact Phone: +61 2 39883628
Contact E-mail:

Registrar: Regional Network Information Center, JSC dba RU-CENTER

Last updated on 2012.03.03 23:20:17 MSK/MSD

Hmm, Adobe is not headquartered in Australia... and the address doesn't exist on Google Maps. Fake email, fake domain name, fake address... the slimebag's name is probably not Thomas Anderson either. I feel like I was almost pickpocketed.

Another tip-off was the slightly awkward English used in the email. Haven't they learned anything from the Nigerian scam?
Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader

http://www.2012-acrobat- reader-upgrade.com

Advanced features include:

- Collaborate across borders
- Create rich, polished PDF files from any application that prints
- Ensure visual fidelity
- Encrypt and share PDF files more securely
- Use the standard for document archival and exchange

To upgrade and enhance your work productivity today, go to:

http://www.2012-acrobat- reader-upgrade.com

Our whole team has been working hard to satisfy your product needs.

Start downloading the update right now and let us know what you think about it.

We're working on making Adobe Acrobat Reader better all the time !

Copyright 2012 Adobe Systems Incorporated. All rights reserved.

5 comments:

El Potro said...

I received the same email and I thought it was fake. Thank you for the extra info.

Anonymous said...

What email address did they use? Mine was very targeted with first and last name, correctly spelled, but the email address was one I used exclusively to register for opentable.com. It is an alias from which no mail can be sent, so either opentable's database got hacked or they sold their database to someone that got hacked.

totochi said...

@anon - It was my regular hotmail address. Since I've had it before MSFT bought them, I get hundreds of spam email daily so I don't know the source. I read on the web that a lot of people see a correlation with their iStock(?) email account.

Unknown said...

guys, who is using my company's "fake" email.

I own Flower Station and must say it is really unpleasant to see a mention of john@flowerstation.co.uk

so a little insight would be helpful

totochi said...

@Flower Station - Did you not read the post? Someone created a domain/website to trick people into downloading malware and used your email on the domain registration. I'll edit the post to remove your email since the fake Adobe website is no longer active.