Beware of PDF Phishing Schemes Via SMS
Scams come in all shapes and sizes. There are a million different ways hackers and bad actors try to part you from your personal information, and it never seems to end. A new trend seems to be popping up via SMS, looking to scam you into opening sketchy links. But don’t worry: It’s easy to avoid.
How this PDF scam works
The scam starts like this: You receive a blank SMS, followed by a PDF. What’s in the PDF will vary based on the scheme, but, inevitably, there will be a link embedded in the document. The hope is for you to click on this link, in order to take you outside the safety of your messaging app and into the arms of the scammers.
Again, what website the link sends you to depends on the scheme: Sometimes, it resembles a financial institution, asking you to enter your banking credentials to steal them from you. Other times, the site tries to convince you to download an “update” or an important app to your phone, which ends up installing malware onto your device instead. No matter what the intent of the site is, it’s never good.
Don’t open the PDF or the link
That’s why you’re better off not opening the PDF at all. While the risk of the PDF itself is rare, it isn’t zero. Remember, Microsoft recently dealt with something similar with its Follina vulnerability, which utilized compromised Office docs to hijack victims’ computers. While we have yet to hear about something similar on smartphones, it isn’t impossible.
If you do receive one of these messages, you don’t need to outright ignore it. Instead, forward the phone number or email to your carrier’s spam alert number (7726). It expects two messages: The first, the message the spammer sent you, followed by the spammer’s number or email. However, it’s impossible to forward the PDF to this number, so doubling up on the spammer’s digits or email address is the next-best solution.
Spam texts never seem to stop. Hopefully, the FCC can continue to crack down on these malicious users to stop the bombardment. Until then, employing best practices is your strongest tool against these scammers.