Trends in Phishing with PDF Files

An uptick in phishing started in 2020 with the pandemic lockdowns, and it continues to be a serious cybersecurity threat in 2021. Attackers change their methods as more people become aware of their scams and cybersecurity defenses work effectively to stop them. One of the latest trends in phishing involves PDF files.

PDF files allow users to share rich-text information including links, images, animation, and even internal scripts linked to the file. In the latest group of attacks, phishing campaigns include PDF attachments that use various methods to redirect users to a malicious site in an attempt to steal user information. Here are several PDF phishing attacks to look out for in 2021:

Fake CAPTCHA Redirects

A CAPTCHA is a recognized symbol for anyone who uses the internet, so it’s an easy and convenient way to trick users into clicking a link. In this phishing campaign, an attacker inserts an image of the common Google CAPTCHA interface.

Users recognize the image and click “Continue” and expect to see a site recognizable to them. When the link is clicked, the user is redirected to an attacker-controlled site where users are asked to enter their private information.

Play Buttons on Static Images

When you see a play button on an image, your first instinct is to click the button and watch the video. This natural reaction to a play button is what attackers expect when they send a PDF file with a static image containing a video-like play button.

This scam is common in phishing attacks targeting cryptocurrency traders and investors. PDF readers open the file, and users click the link on the fake video image. Instead of playing a video, users are redirected to a malicious site that prompts victims to enter their credit card information for a dating website.

File Sharing and Phishing

Most users have either a Google Drive account or a Microsoft OneDrive account. Gaining access to either one of these accounts provides attackers with plenty of documentation and private data from files stored on these cloud drive accounts. Attackers use image links in PDF files to trick users into divulging their user credentials so that they can access targeted victim accounts.

The image displays a prompt to access a file that the user instinctively knows should open their cloud drive, but instead a phishing page opens when the user clicks the link. This phishing page looks exactly like OneDrive or Google Drive’s landing page, so users who do not notice the domain name in their browser window will instinctively enter their username and password. After they enter this information, it’s sent to the attacker who can then access the cloud drive account.
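As an added example (not from the original article or any product it mentions), the following Python code shows how a mail filter could list the link targets inside a PDF attachment and flag those that do not belong to the brand the document imitates. The allowlist, function names and sample PDF bytes are constructed for illustration, and only uncompressed objects are scanned; links stored in compressed object streams need a full PDF parser.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist for this example: brand shown in the PDF -> domains it really uses.
BRAND_DOMAINS = {
    "onedrive": {"live.com", "microsoft.com", "sharepoint.com"},
    "google drive": {"google.com"},
}

# /URI followed by a literal string (...) or a hex string <...>.
# "/S /URI" (the action type) is skipped because no string follows it directly.
URI_RE = re.compile(rb"/URI\s*(?:\((.*?)(?<!\\)\)|<([0-9A-Fa-f\s]*)>)", re.S)

# Constructed sample: three link annotations as they appear in uncompressed objects.
SAMPLE = b"""%PDF-1.4
5 0 obj << /Subtype /Link /A << /S /URI /URI (https://onedrive.live.com.files-login.example/open?id=1) >> >> endobj
6 0 obj << /Subtype /Link /A << /S /URI /URI (https://onedrive.live.com/about) >> >> endobj
7 0 obj << /Subtype /Link /A << /S /URI /URI <687474703a2f2f3230332e302e3131332e372f61> >> >> endobj
"""


def pdf_link_targets(data):
    """Return the URI action targets found in uncompressed PDF objects."""
    urls = []
    for literal, hexstr in URI_RE.findall(data):
        if hexstr.strip():
            digits = b"".join(hexstr.split())
            # An odd number of hex digits is padded with a trailing 0.
            raw = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode("ascii"))
        else:
            raw = re.sub(rb"\\([()\\])", rb"\1", literal)  # undo \( \) \\ escapes
        if raw:
            urls.append(raw.decode("latin-1").strip())
    return urls


def host_matches(host, domains):
    """True only if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def off_brand_links(data, brand):
    """Links whose host is not a domain of the brand the PDF imitates."""
    allowed = BRAND_DOMAINS[brand]
    return [u for u in pdf_link_targets(data)
            if not host_matches(urlsplit(u).hostname or "", allowed)]
```

Calling `off_brand_links(SAMPLE, "onedrive")` returns the lookalike host and the hex-encoded IP address link, and leaves the genuine `onedrive.live.com` link out.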

Ecommerce Site Scams

Popular logos are much more convincing than unknown brand images. Logos for sites like eBay, PayPal, Microsoft, Google, and Amazon are known globally, so attackers have many potential victims when they send phishing emails to thousands of recipients.

The latest phishing attacks using PDF files include common ecommerce logos to convince readers to click links. Ecommerce sites contain private information and credit card data, so attackers can steal products using the targeted victim’s information. For example, the PDF file might contain the Amazon logo and ask users to click the link to purchase products. Instead of opening Amazon in the user’s browser, an attacker-controlled website masquerading as the legitimate site asks users to authenticate. When users enter credentials into the phishing site, an attacker now has their login information to access their ecommerce account.


Conclusion

Phishing attacks remain the number one threat against users and businesses. Use email filters to stop these attacks. Email filters detect malicious attachments and block them from reaching the recipient’s inbox. Using email cybersecurity, businesses can greatly reduce the risk of phishing and of becoming the next victim.

SpamTitan blocks spam, viruses, malware, phishing attempts and other email threats for businesses, MSPs and schools.
