Watch Out for PDF Phishing Schemes

September 26, 2023 / meritsolutions

Scams are an unavoidable part of daily life these days. But that doesn’t mean all scams are the same: There is a huge variety of ways hackers and bad actors attempt to steal your personal information, with no end in sight. One “clever” scheme involves malicious PDFs featuring malicious links. The good news? It’s easy to avoid.

How this PDF scam works

The scam starts like this: You receive a blank SMS, followed by a PDF. What’s in the PDF will vary based on the scheme, but, inevitably, there will be a link embedded in the document. The scammers hope you will click on this link, which takes you outside the safety of your messaging app and into their arms.

Again, what website the link sends you to depends on the scheme: Sometimes, it resembles a financial institution, asking you to enter your banking credentials to steal them from you. Other times, the site tries to convince you to download an “update” or an important app to your phone, which ends up installing malware onto your device instead. No matter what the intent of the site is, it’s never good.
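For anyone triaging a reported sample, the embedded links can be listed from the file’s raw bytes without rendering the PDF or clicking anything. This Python example is added here and is not part of the original article; the sample document and its hostnames are constructed placeholders, and it only covers literal-string /URI actions in plain or Flate-compressed objects.

```python
import re
import zlib
from urllib.parse import urlsplit

# /URI (literal string) as it appears in a link annotation's action dictionary.
# Hex strings (<...>) and encrypted documents are not covered by this example.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
ESCAPE_RE = re.compile(rb"\\(.)", re.DOTALL)


def inflate_streams(pdf_bytes):
    """Yield inflated stream contents; compressed object streams can hold links."""
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a stream whose last byte was trimmed by the regex
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data (image, font, other filter): skip it


def extract_links(pdf_bytes):
    """Return the sorted, unique link targets found in the file, without rendering it."""
    found = set()
    for blob in [pdf_bytes, *inflate_streams(pdf_bytes)]:
        for raw in URI_RE.findall(blob):
            # Simple unescape of \( \) \\ ; octal and \n style escapes are not decoded.
            found.add(ESCAPE_RE.sub(rb"\1", raw).decode("latin-1"))
    return sorted(found)


def link_hosts(pdf_bytes):
    """Map each link to its hostname for comparison with the claimed sender."""
    return {url: urlsplit(url).hostname for url in extract_links(pdf_bytes)}


# Constructed sample: a minimal PDF-like fragment with one plain link annotation
# and one link inside a compressed stream. The hostnames are placeholders.
HIDDEN = zlib.compress(b"<< /S /URI /URI (http://update.example.net/app.apk) >>")
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://login.bank.example.com/verify\\(1\\)) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(HIDDEN)).encode() + b" >>\n"
    b"stream\n" + HIDDEN + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for url, host in link_hosts(SAMPLE).items():
        print(f"{host}\t{url}")
```

A hostname that does not belong to the organization the message claims to come from, or a link to an app package, matches the two outcomes described above.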

Don’t open the PDF or the link

That’s why you’re better off not opening the PDF at all. While it’s rare for the PDF itself to be dangerous, the risk isn’t zero. Remember, Microsoft once dealt with something similar with its Follina vulnerability, which utilized compromised Office docs to hijack victims’ computers. While we have yet to hear about something similar on smartphones, it isn’t impossible.

If you do receive one of these messages, you don’t need to outright ignore it. Instead, forward the phone number or email to your carrier’s spam alert number (7726). It expects two messages: first, the message the spammer sent you, and then the spammer’s number or email. However, it’s impossible to forward the PDF to this number, so doubling up on the spammer’s digits or email address is the next-best solution.

Spam texts never seem to stop. Hopefully, the FCC can continue to crack down on these malicious users to stop the bombardment. Until then, employing best practices is your strongest tool against these scammers.
