You've heard of a "phishing email" before, right? Have you heard of a "phishing PDF"?
Now you have... because they're everywhere.
The number of phishing attacks using PDF files increased over 1000 percent between 2019 and 2020. They're now a whole new category of cyberattack, with over 5 million infected files floating throughout the Web. (Source: KnowBe4)
Why so many, so quickly? Because people are wising up to the email method of phishing.
Cybercriminals have some messed-up priorities, but they're not stupid. If one attack method starts to lose effectiveness, they'll switch methods. Anything for one more shot at profit/blackmail/chaos.
The infected PDF files use a few different tactics to trick you into clicking. The PDF may display:
- A phony CAPTCHA ("Click here to prove you're a human")
- A picture of a coupon you can "clip" by clicking
- An image of a video still with a Play "button" in the middle
If you click any of these, you're taken to a website that immediately downloads malware onto your device. Then you're in trouble.
To avoid these infected PDFs, take the same approach as you would with a phishing email: If you receive a PDF you weren't expecting, don't open it.
The attackers will try anything they can to get you to click. Delete the messages and you're OK.
Do you have an "everyday IT" question you want answered? Send it in to firstname.lastname@example.org and it may show up in Magpie's next Tech Tip / Cyber Fu Tip.