Cybercriminals are using fake PDFs in phishing scams, posing as companies like Microsoft or PayPal.
In this week’s scam, cybercriminals are trying to trick you with PDFs that contain malicious content. You receive an email with a PDF attachment that appears to be from a major organization like Microsoft, DocuSign, or PayPal. The subject of the email seems alarming and makes it appear that you have an issue with your account. If you open the PDF attachment, it contains official logos and professional formatting. It appears legitimate, and the instructions direct you to call a customer service phone number.
But this PDF file is actually a phishing attempt. The phone number is fake, and if you call, a cybercriminal will answer and pretend to be a customer support representative. They will try to trick you into installing malware on your device. They will also try to manipulate you into giving them your user credentials or financial information so that they can solve the “problem” with your account. This type of scam can be very effective because you may be more likely to trust a voice over the phone, especially if they claim that they are trying to help you!
Tips to Stay Safe
Follow these tips to avoid falling victim to a phishing scam:
- Be suspicious of unexpected emails, especially those containing attachments. You should never open an attachment unless you are sure who sent it.
- Be cautious when contacting an organization using information provided in an email. It’s always safer to use the contact information listed on an organization’s official website.
- Remember that legitimate organizations rarely send urgent requests through PDF attachments. Cybercriminals will often attempt to create a sense of urgency to trick you into acting impulsively.
Stop. Look. Think. And don’t be fooled.
Tips of the Week Brought to You By Our Partners at KnowBe4
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
