Phishing Attack


Domain Whitelist Protection SaaS - AP Lens

Phishing email using Adobe Cloud

Phishing attack
Case study: Adobe cloud document email
April 2022

You might want to share this with your team

You have invested in the best antivirus and firewall on the market. You have organised a mandatory phishing training for all your employees to join.

Still, all your phishing prevention efforts might have been in vain when faced with an innovative type of phishing attack that uses a legitimate tool like Adobe Sign and the real Adobe website to breach the core of the victim’s organisation: all of their data (including email, files, chat) stored on Microsoft 365 servers.
STEP 1:
The user receives a request to sign a document. Notably, this is a real request originating from the
real Adobe platform. This is not a lookalike email sent from a fake email address.
As the sender and content are real and completely legitimate, web scanning and email scanning tools
cannot identify this email as risky. Therefore the user receives no warning and trusts the message.
STEP 2:
When clicking on the link, the user is sent to the Adobe Cloud website.
Once again, this is a real website, not a phishing website (note the URL). All cyber security tools
including AP Lens allow the real Adobe Cloud website to be opened and be visualised without any issue.
STEP 3:
Once the user tries to open the document sent via Adobe Sign, they get a re-direct request to
adbdocs[.]revalauths[.]com. They click on “Open Link”.
STEP 4:
Cyber security tools, including antivirus and firewall, might not have marked this address as
malicious and are likely to allow us to visit adbdocs[.]revalauths[.]com without any problem.
AP Lens, however, shows a warning which also serves as a reminder: the website you are about to access
is not on the whitelist. You will be redirected to a “sandbox” version of the website itself. Proceed with
caution and do not input any credentials.
Website is opened inside remote browser

STEP 5:
If the user decides to proceed anyway, they get a captcha test like the one shown above.
Website is opened inside remote browser

STEP 6:
After the captcha, the user is asked to sign in with their Microsoft credentials - this time, on a fake
website that pretends to be Microsoft. The user is visiting this on AP Lens sandbox browser so they will
be aware this is not the real, whitelisted Outlook site they visit all the time in their own browser.
Furthermore, as the site is running on a sandboxed browser, any malicious code running on this fake
website will not affect the user’s machine.
What is sandbox browsing?
When browsing the internet from AP Lens, your machine is completely segregated from the
websites you are visiting, and tracking cookies and website-based attacks cannot reach you. AP
Lens anonymises your online traffic, and even opens suspicious email links for you. No software
installation, configuration, maintenance or patching is required.

The game changer


Instead of focusing on trying to identify unsafe sites in order to block them, AP Lens goes the
other way. In a work environment, employees tend to spend most of their time on a relatively
small number of sites. These websites are whitelisted by AP Lens, and users can browse them as
usual. Other websites, which haven’t been vetted and might be unsafe, are visualised on
the user device via the AP Lens sandbox browser running on a cloud server. Like a stuntman, AP
Lens visits the website on the users’ behalf, keeping them safe and leaving the browsing
experience unaffected.
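
The whitelist-first routing described above, sketched as an added example (this is not AP Lens code). The whitelist entries, function names and sample URLs are assumptions constructed for illustration; only the redirect host from STEP 3 comes from this page.

```python
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed whitelist for illustration; a real deployment lists the sites its staff use.
WHITELIST = {"adobe.com", "office.com"}

def refang(text: str) -> str:
    """Undo the [.] defanging used in write-ups such as this one."""
    return text.replace("[.]", ".")

def hostname_of(url: str) -> Optional[str]:
    """Return the normalised host of an http(s) URL, or None if it cannot be trusted."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased, with userinfo and port removed
    except ValueError:          # malformed netloc, e.g. stray brackets
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        # Trailing dot removed; Unicode lookalikes become xn-- labels and fail the match.
        return host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return None

def is_whitelisted(host: str) -> bool:
    """Exact match or subdomain match on a label boundary, never a bare suffix."""
    return any(host == d or host.endswith("." + d) for d in WHITELIST)

def route(url: str) -> str:
    """'direct' for whitelisted hosts; everything else goes to the remote browser."""
    host = hostname_of(refang(url))
    return "direct" if host is not None and is_whitelisted(host) else "sandbox"

def route_chain(hops: List[str]) -> List[Tuple[str, str]]:
    """Decide per hop: a trusted first page does not make its redirect target trusted."""
    return [(hop, route(hop)) for hop in hops]

if __name__ == "__main__":
    # Constructed chain mirroring STEP 2 and STEP 3 (the Adobe path is made up).
    chain = ["https://documentcloud.adobe.com/link/review",
             "https://adbdocs[.]revalauths[.]com/"]
    for hop, decision in route_chain(chain):
        print(f"{decision:8} {hop}")
```

Because the decision is made per hop and defaults to the sandbox, the legitimate Adobe page opens normally while the redirect target does not inherit its trust.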
About Hoplite

Hoplite builds on over 20 years’ experience in cyber security, cloud security and information protection in private banking and the public sector. Our tools include 1) Anti-Phishing Bot – an email anti-phishing tool listed on Microsoft AppSource and Google Suite Marketplace; 2) Anti-Phishing Lens (AP Lens) - a cloud based remote browser; 3) Anti-Hack Operations (AHO) Cybersecurity Training Gamification.

At Hoplite, we believe personal information anonymity and cyber security are a universal right that belongs to everyone. Find more about Hoplite and the people behind it at: www.hoplite-tech.com.

www.hoplite-tech.com
+852 5402 5843
info@hoplite-tech.com
5/F, United Centre, 95 Queensway, Admiralty

Acknowledgements:

Hong Kong Cyberport 2019 Cyberport Creative Micro Fund Graduate
Member company of Incu-App Programme, HKSTP
Member company of WTIA
Member of the British Chamber of Commerce in Hong Kong
