Cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file. Unfortunately, this makes PDFs a great way for cybercriminals to get creative and trick victims into clicking on malicious links.
One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with. The PDF may include a fake captcha image with the “I am not a robot” checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.
Don’t fall for these tricks! Remember the following tips:
- Never click or download an attachment in an email that you were not expecting.
- Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
- If you receive a suspicious email, be sure to contact your IT department or follow the specific procedure for your organization.
Stop, Look, and Think. Don’t be fooled.