PDF files – Latest Target of Phishing Scam

Malware and viruses are always just a wrong click away, and to keep yourself protected you need to be on top of the latest trends that are targeting home and business users. This past month I have been noticing an increase in PDF attachment attacks around the office. As with previous email-based attacks, this is simply the latest attempt to infiltrate your network security by using the weakest link. YOU! Yes, in my opinion humans are the most vulnerable vector to attack and successfully enter a network.

How the latest PDF Phishing scam works.

A friend, coworker or client has already been infected with malware. At this point the attacker has taken control over their system and would like to spread his virus via email. The malware quickly enumerates the victim's address book and fires off emails to unsuspecting targets with the viral payload attached as a PDF document. As the recipient, you open the PDF, jump through a few hoops, and the attacker now has control of your computer as well as your email credentials and more.

How to spot a bogus attachment, and prevent infection.

Unfortunately, it is probably impossible to block PDF files at home and especially in the office. The Portable Document Format has become ubiquitous for sending and receiving all types of documents. So how can we avoid falling prey to a scam?

Look for the following:

  • Use common sense. Were you expecting a PDF from this friend or coworker? Is this an email from someone that has you in their address book but you haven’t spoken to in years? If so, maybe you should reach out before opening the document.
  • Does the file attached have an “odd” or “generic” name?
    For example: INVOICE0987.PDF, DOCUMENT.PDF, BILL1256.PDF
  • Is the body or subject of the email blank or generic in nature?
    Another example:

    Subject: ATTACHMENT

    Good morning,

    Please find enclosed copy.

    Thanks

All of the above should be immediate triggers to give this message a closer look before launching the attachment.

Oops, I opened the PDF file, now what?

Working in an office as the IT Director, I see all the crazy things users do. Opening attachments they know they probably shouldn’t is on my TOP 10 list of stupid user tricks.

In the case of the malware PDF, simply opening the attachment will most likely NOT harm or infect your computer. The PDF will simply contain a link to a web page.  (See image below) 

We are about 1/2 way to the point of infection. So far you have ignored any signs that the email looked “bogus” and have proceeded to launch the PDF. A HUGE red flag should be waving in your face since this PDF file has NO content other than an external LINK. When was the last time you sent a PDF to someone with NO content? If the sender wanted you to go to their Dropbox, Google Drive or Portal, why not just put the link in the body of the email? Why go through all the extra work of embedding a link in the PDF file and then send the PDF? There is no reason for this. DING DING DING it's a SCAM!
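The warning signs described so far (a generic attachment name, a blank or generic subject and body, and a PDF that carries an external link) can also be checked automatically on a saved message. The following Python script is an added example, not part of the original post; the name patterns, the 15-word body threshold and the sample message are constructed assumptions, and the link check only sees uncompressed /URI actions in the PDF.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed patterns, built from the article's examples; tune for your own mail.
GENERIC_NAME = re.compile(r"^(invoice|document|bill)\d*\.pdf$", re.I)
GENERIC_SUBJECT = re.compile(r"^\s*(attachment|invoice|document|bill)?\s*$", re.I)
URI_ACTION = re.compile(rb"/URI\s*\((.*?)\)", re.S)  # uncompressed link actions only
MIN_BODY_WORDS = 15  # assumed threshold for a "blank or generic" body

def pdf_links(data):
    """Return link targets stored as uncompressed /URI actions in PDF bytes."""
    return [m.decode("latin-1") for m in URI_ACTION.findall(data)]

def triage(raw):
    """Return the warning signs found in one raw email message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    if GENERIC_SUBJECT.match(msg["Subject"] or ""):
        flags.append("blank or generic subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if len(text.split()) < MIN_BODY_WORDS:
        flags.append("blank or very short body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".pdf"):
            continue
        if GENERIC_NAME.match(name):
            flags.append(f"generic attachment name: {name}")
        for url in pdf_links(part.get_content()):
            flags.append(f"PDF link to external site: {url}")
    return flags

def sample_message():
    """Constructed sample: the article's generic email with a link-only PDF."""
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (http://files.example.invalid/view) >> >>\n"
           b"endobj\n%%EOF\n")
    m = EmailMessage()
    m["From"] = "coworker@example.com"
    m["Subject"] = "ATTACHMENT"
    m.set_content("Good morning,\n\nPlease find enclosed copy.\n\nThanks\n")
    m.add_attachment(pdf, maintype="application", subtype="pdf",
                     filename="INVOICE0987.PDF")
    return m.as_bytes()

if __name__ == "__main__":
    for flag in triage(sample_message()):
        print("WARNING:", flag)
```

A message that raises none of these flags is not proven safe; the checks only mirror the manual review above.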

I still ignored all the signs and clicked anyway!

I know you are saying to yourself, how could someone possibly fall for this, but they do. You have one last chance to redeem yourself. If you are using Adobe Acrobat, the default setting is to ASK every time an external link is clicked. You should see a security warning box that looks like this.

READ IT CAREFULLY! As you can see the link in my scam PDF was trying to open a web site in New Zealand. I don’t have any business in New Zealand so this is yet another HUGE red flag.

SIDE NOTE:
How to configure Adobe Acrobat DC to Warn(ask) or Block external links in PDF files

CLICK -> EDIT -> PREFERENCES -> TRUST MANAGER (Scroll the list down to “T”)
Then CLICK -> CHANGE SETTINGS
Finally CLICK -> (Always Ask, or Block Access)

(See image below)

So I clicked and now I’m all in!

Clicking the link will land you on the hacker's web page, and you can bet that page is full of malware looking for holes in your browser and OS security to gain a foothold on your computer. At the same time, the page could spoof some type of email client or login and trick you into giving up your passwords. DON’T DO IT.

If you got this far, you need to scan your computer for viruses and call the IT department if this is a business workstation.

Final Thoughts:

It's in our nature to be curious regarding attachments and other surprises that come in via email. Our brains are wired to be compelled to click and jump through all the hoops to get to the prize. If there wasn’t some level of success on the hacker's part, they wouldn’t bother with these types of scams.

If you really MUST open the attachment, do it on your iPhone; they are much less susceptible to becoming infected (however not impossible, so beware!)

Thank you for reading my blog,
Joe
