Cybercriminals are using real business email addresses and fake PDF attachments to steal your login credentials.
This week’s scam involves a business email compromise, or BEC, attack, where cybercriminals access a real business email address and use it to send malicious emails. You receive an email that looks like a simple file-sharing notification, with an attachment that seems to be a PDF document. The email even comes from a legitimate business email address. Because it looks like the email is from a trusted source, you might be tempted to open it.
However, this is actually a phishing attack! Cybercriminals will use a compromised business email account to send you a malicious PDF attachment. If you open the PDF, you’ll be taken to a fake login page. To further trick you, this page may even first ask you to complete a fake security verification. But if you enter your user information on the login page, you’ll give it directly to cybercriminals!
Tips to Stay Safe
Follow these tips to avoid falling victim to this BEC scam:
- Be suspicious of attachments that redirect you to a website. If an attachment opens a web browser and asks you to log in, it’s a major red flag that you’re on a phishing site.
- Never assume a security check on a login page means the site is safe. Cybercriminals add these features to their fake pages to make them seem more legitimate.
- Remember, even if an email appears to be from a trusted source, you should always use caution before selecting links or opening attachments, especially if the email is unexpected. Always stop and think before taking action!
Stop. Look. Think. And don’t be fooled.
Tips of the Week Brought to You By Our Partners at KnowBe4
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
