Upgrade Your New PDF Acrobat Reader Hoax – Part III

A new email is doing the rounds with the following Subject Line:

Action Required : Upgrade Your New PDF Acrobat Reader

The Body of the emails is as follows:

ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION
This is to remind that a new version of Adobe Acrobat Reader with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released.

To upgrade your application:
+ Go to http://www.adobe-acrobat-software.com
+ Get your options, download and upgrade.
Thanks and best regards,
John William
Adobe Acrobat Reader Support
Copy rights Adobe 2010 © All rights reserved
1022 Marrinbird Rd | Merryton | CA | 91523 | USA

As usual, this is a hoax and the download link takes you to the same convincing website that has previously been linked where there are Testimonials saying how wonderful the product is etc.

DO NOT BE FOOLED – This is not a valid Adobe Product. Please read their response to this and the other very similar hoaxes:

http://blogs.adobe.com/psirt/2010/09/alert-adobe-reader-upgrade-email-spamphishing-scam.html

The website it takes you to looks like this:

Adobe Acrobat PDF Hoax

The Adobe Acrobat Reader Hoax Website looks very convincing but do not be fooled.

About these ads

9 Responses

  1. The version I received this morning had a malformed link – the t of ‘software’ was missing so the link failed to load.

    The original domain (with a ‘t’) appears to have been registered via a Russian registrar though the registrant is recorded as a British resident though note that the name is suspicious and the address and post code look fictitious. Here is the full WHOIS info for the ‘correct’ domain:

    Domain name: ADOBE-ACROBAT-SOFTWARE.COM
    Name Server: ns3.nic.ru
    Name Server: ns4.nic.ru
    Name Server: ns8.nic.ru
    Creation Date: 2010.10.16

    Status: DELEGATED

    Registrant ID: ZA5XXWT-RU
    Registrant Name: John Terry
    Registrant Organization: John Terry
    Registrant Street1: 1729 Park Way
    Registrant City: London
    Registrant Postal Code: H38LA92
    Registrant Country: GB

    Administrative, Technical Contact
    Contact ID: ZA5XXWT-RU
    Contact Name: John Terry
    Contact Organization: John Terry
    Contact Street1: 1729 Park Way
    Contact City: London
    Contact Postal Code: H38LA92
    Contact Country: GB
    Contact Phone: +1 800 3892039
    Contact E-mail: ********@yahoo.com

    Registrar: Regional Network Information Center, JSC dba RU-CENTER

    Last updated on 2010.10.16 14:29:40 MSK/MSD

  2. I’ve received a bunch of these today, all using aliases which were unique to specific e-commerce sites I’ve used.

    After scratching my head, and grepping my mailbox, I’ve found that they all used createsend.com (aka ThinkSend) to send me legitimate opt-in marketing messages during 2009/2010 (February 2009 to July 2010 to be precise).

  3. Had one of these too today. Easy to spot esp. as the reply address was ludicrous.

    support-bxsze5bbgyaue0au9qucmqcfatam90@grandparents.chtah.com.

    Followed the links (I use Linux) and it looks like at best it’s an attempt to get money for ‘support’ and at worst phishing for card details. It even has Verified by Visa logos.Pathetic really

    I reported it to Visa/Google/anti-phishing

  4. I have received this upgrade offer two or three times now, but did not realise it was a scam until this morning, when my computer refused to load http://www.adobe-acrobat-software.com, and I was then led to your site.

    Thank you. I know what to do now.

  5. [...] The busiest day of the year was October 18th with 584 views. The most popular post that day was Upgrade Your New PDF Acrobat Reader Hoax – Part III. [...]

  6. [...] Adobe Acrobat Reader Hoax alanhardisty.wordpress.com This entry was posted in all. Bookmark the permalink. ← Site Navigation Any Is Are [...]

  7. great job

  8. I’ve got one today.
    Subject: “Action Required : Update Your PDF Application”
    Sent to an email address I created uniquely for Ticketmaster in the UK back in August 2008.
    Either Ticketmaster have had their marketing database compromised to get my address or, as somebody else here suggests, a third party service they use has been.
    Only goes to show why I use a unique email address for each service I use!

    The link in the email body displays as:

    http://www.2012-acrobat-adobe-download.com/

    But actually has a href of:

    http://smr.mm.ticketmaster.com:80/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTE0MTQzNDMmbWVzc2FnZWlkPTE0NDU0MDMmZGF0YWJhc2VpZD1EQVRBQkFTRUlEJnNlcmlhbD0xNjgxNzIzMSZlbWFpbGlkPXF3LnRpY2tldG1hc3RlcjA4MDhAcXd1ay5uZXQmdXNlcmlkPTEwMzQ4NTE3NzcmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJmh0dHA6Ly93d3cuMjAxMi1hY3JvYmF0LWFkb2JlLWRvd25sb2FkLmNvbS8=

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 191 other followers

%d bloggers like this: