When PDFs Are Used for Phishing Scams

Cyber criminals are increasingly using PDF attachments to deliver phishing attacks. These emails often appear to come from trusted organizations like Microsoft, DocuSign, or PayPal, with subject lines designed to create urgency—claiming account issues, requiring immediate action or a fake purchase you did not make. This is very difficult for anti-virus and anti-spam software to read PDF's to detect if they are legit or not.

The attached PDF typically looks professional, featuring official logos and formatting. It instructs the recipient to call a customer support number. However, this number connects you directly to a scammer posing as a legitimate representative.

Once on the call, the scammer may attempt to:

• Convince you to install malware
• Coerce you into providing login credentials or financial details
• All under the pretense of resolving a fabricated issue.

How to Protect Yourself:

• Be cautious with unexpected emails, especially those with attachments. Do not open attachments unless you're certain of the sender’s identity.
• Avoid using contact information provided in emails. Instead, visit the organization’s official website for verified details.
• Recognize that legitimate companies rarely send urgent requests via PDF attachments. Scammers use urgency to pressure quick, unverified action.

Stay alert. When in doubt, verify before you engage.