PDF Attachments Phishing Attacks

June 28, 2017

Recently we’ve seen an influx in spam emails containing PDF documents. The PDFs contain a link, which when clicked takes the victim to a website prompting them for usernames and passwords. By entering the username and password, the victim is giving the thieves their email password – compromising the account. This type of attack is called phishing.

Phishing
noun
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

What Can Be Done?

Please be on guard for emails with PDF attachments, especially those from unknown senders. Even if the email comes from a trusted sender, that person’s account may be compromised. Above are some common templates for gathering credentials.

Additionally, some email systems (Office 365, G Suite) can be configured to warn users whenever a PDF attachment with a link is included in an email, as seen in the Office 365 rule below.