Tech Tips

August 12, 2021

Malware-Infected PDFs Spreading Like Crazy – Here's How to Spot Them

Phishing attacks using PDF files – a common, easy-to-open document type – exploded in 2020. They use the same approach as phishing emails, but fewer people know about them. Here's how to identify an infected PDF...before you open it and unleash chaos.

You've heard of a "phishing email" before, right? Have you heard of a "phishing PDF"?

Now you have...because they're everywhere.

The number of phishing attacks using PDF files increased over 1000 percent between 2019 and 2020. They're now a whole new category of cyberattack, with over 5 million infected files floating throughout the Web. (Source: KnowBe4)

Why so much, so quickly? Because people are wising up to the email method of phishing.

Cybercriminals have some messed-up priorities, but they're not stupid. If one attack method starts to lose effectiveness, they'll switch methods. Anything for one more shot at profit/blackmail/chaos.

The infected PDF files use a few different tactics to trick you into clicking. The PDF may display:

  1. A phony CAPTCHA ("Click here to prove you're a human")
  2. A picture of a coupon you can "clip" by clicking
  3. An image of a video still with a Play "button" in the middle

If you click any of these, you're taken to a website which downloads malware onto your device immediately. Then you're in trouble.

To avoid these infected PDFs, take the same approach as you would a phishing email: If you receive a PDF you weren't expecting, don't open it.

They will try anything they can to get you to click. Delete the messages and you're OK.


Do you have an "everyday IT" question you want answered? Send it in to and it may show up in Magpie's next Tech Tip / Cyber Fu Tip.