ALL BLOGS
Scam Alert: Fake BT and Microsoft Emails Using AdobeSign – What to Watch For
By theadmin
·
June 27th, 2025
·
6 min read
·
Security
TL;DR: Scammers are sending fake BT and Microsoft documents through AdobeSign — here’s how to spot them.
- Two real client cases: a fake BT line upgrade and a fake Microsoft licensing request, both delivered via AdobeSign.
- The emails came from adobesign@adobsign.com (note the missing “e”) and were sometimes preceded by a convincing phone call.
- They exploit real events — like the UK copper line switch-off — to seem legitimate.
- Always verify with the sender through known channels, never the contact details in the message — and report anything suspicious to us straight away.
We’ve recently seen a concerning increase in sophisticated scam emails reported by clients. These phishing attempts use social engineering tactics and trusted platforms to appear credible. Below are two real examples we’re sharing to help raise awareness and encourage vigilance — along with practical steps you can take to protect your business.
Case 1: BT line upgrade scam
One client received two emails that appeared to be from BT, sent from adobesign@adobsign.com. The emails asked them to review and sign off on a new BT line installation. What made the scam more convincing was a phone call they received beforehand, from someone claiming to be from BT, discussing the upgrade of an existing copper line.
As many are aware, the UK is currently phasing out traditional copper wiring in favour of full fibre — a genuine change that scammers are now exploiting as a tactic to appear credible.
The client contacted BT directly after receiving the second email and was told no such communication had been made. They then alerted us. We’ve since carried out full checks on their system and can confirm that no compromise occurred.
Case 2: Microsoft licensing scam
Another client reported a suspicious email also delivered via AdobeSign, again from adobesign@adobsign.com, referencing Microsoft licensing. This followed a similar pattern — using a recognised and trusted platform to encourage the recipient to open or sign a document, potentially exposing them to phishing or malware.
Why these emails are dangerous
- They use trusted brands like BT, Microsoft, and AdobeSign to build credibility.
- They’re often preceded by convincing phone calls, adding to the illusion of legitimacy.
- They exploit real-world changes — such as the UK’s copper line switch-off — to appear relevant.
- The emails often include links to sign documents, which may lead to phishing websites or malware.
This blend of a familiar brand, a real industry change, and a follow-up phone call is exactly what makes modern phishing so effective. It’s no longer about obvious spelling mistakes — it’s about timing and context. That’s why managed cyber security and ongoing staff awareness matter as much as any single technical control.
Newsletter Sign Up
Stay in the loop
Stay up to date with the latest in cyber security, IT support, cloud technology and business systems. Sign up to receive practical tips, important updates, industry insights and expert advice to help keep your business secure, connected and running smoothly.
What we’re doing
- We’ve conducted security checks on all reported systems and confirmed no breaches.
- We are reporting incidents to the relevant authorities and industry bodies.
- We continue to monitor for similar threats across our client base.
What you can do
- Be cautious of unsolicited emails or calls, even if they appear to relate to legitimate infrastructure changes.
- Always verify with the supposed sender via known contact channels — not the phone number or link in the message itself.
- Avoid clicking unknown links or downloading attachments.
- Check sender addresses carefully — small misspellings like “adobsign” instead of “adobesign” are a common giveaway.
- Report anything suspicious to us immediately — we’re here to help.
If you’re a client and you’ve received an email you’re unsure about, don’t act on it — forward it to us and we’ll take a look before you do anything.
Worried about your wider security?
Scam emails like these are a useful reminder to step back and look at the bigger picture. If you’re not confident your business is protected — or you’ve had similar emails land in your team’s inboxes — now is a good time to review where you stand. Our free business security risk assessment gives you a clear view of your current posture and where the gaps are.
Getting the fundamentals certified also makes a real difference. Cyber Essentials covers the controls that block the most common attacks, and pairing it with proactive managed IT support means someone is watching your systems even when you’re not. If you have any security concerns at all, get in touch with our team — we’d far rather hear from you early than after something goes wrong.
FAQs
Q: How can a scam email come from a real service like AdobeSign?
A: Attackers abuse legitimate platforms because emails sent through them often pass security checks and look trustworthy. In these cases the messages came from a lookalike address — adobsign rather than adobesign — and used the real AdobeSign style to lower people’s guard. The platform being genuine doesn’t make the document inside it safe.
Q: I’ve received one of these emails — what should I do?
A: Don’t click any links or sign anything. Verify directly with the supposed sender using contact details you already trust — not the ones in the email. If you’re a client, forward it to us and we’ll check it for you before you take any action. You can
reach our team here.
Q: What is the copper line switch-off and why are scammers using it?
A: The UK is phasing out traditional copper phone lines in favour of full fibre, and many businesses are genuinely being contacted about upgrades. Scammers piggyback on real, widely-publicised changes like this because a message about something you’re already expecting feels far more believable.
Q: How do I check whether an email from BT or Microsoft is really genuine?
A: Look closely at the sender’s full email address for subtle misspellings, hover over links before clicking to see where they actually lead, and be wary of any pressure to sign or act quickly. The safest approach is to contact the company directly through their official website or a number you already have on file.
Q: Someone on my team clicked the link or signed the document — what now?
A: Act quickly. Disconnect the affected device from the network, change any passwords that may have been entered, and don’t delete the email — it’s useful evidence. Then contact your IT provider straight away so the system can be checked for compromise. If you’re a client,
tell us immediately and we’ll investigate.
Q: How can I protect my whole business from phishing like this?
A: A layered approach works best: staff awareness training, multi-factor authentication, email filtering, and keeping systems patched. Certifying to
Cyber Essentials and partnering with a
managed cyber security provider gives you both the controls and the monitoring to catch threats early. A
free security risk assessment is a good first step.
Phishing attempts like these are only getting more convincing, but they rely on catching people off guard. A moment’s caution — and a quick check with someone who knows what to look for — is usually all it takes to stop them. If you have any concerns about emails you’ve received or want to review your organisation’s security posture, please get in touch. We’re here to help.
