Don’t Fall for PDF Phishing Schemes
Never open attachments from strangers.
Scams are unfortunately all too common these days. Part of the problem is that there are so many scams to watch out for. Take this one for instance: This “clever” scheme involves sending you malicious PDFs embedded with malicious links. Here’s what to look out for.
How this PDF scam works
The scam starts like this: You receive a blank SMS, followed by a PDF. What’s in the PDF will vary based on the scheme, but, inevitably, there will be a link embedded in the document. The hope is for you to click on this link, in order to take you outside the safety of your messaging app and into the arms of the scammers.
Again, what website the link sends you to depends on the scheme: Sometimes, it resembles a financial institution, asking you to enter your banking credentials to steal them from you. Other times, the site tries to convince you to download an “update” or an important app to your phone, which ends up installing malware onto your device instead. No matter what the intent of the site is, it’s never good.
Don’t open the PDF or the link
That’s why you’re better off not opening the PDF at all. While the risk of the PDF itself is rare, it isn’t zero. Remember, Microsoft once dealt with something similar with its Follina vulnerability, which utilized compromised Office docs to hijack victims’ computers. While we have yet to hear about something similar on smartphones, it isn’t impossible.
If you do receive one of these messages, you don’t need to outright ignore it. Instead, forward the phone number or email to your carrier’s spam alert number (7726). It expects two messages: The first, the message the spammer sent you, followed by the spammer’s number or email. However, it’s impossible to forward the PDF to this number, so doubling up on the spammer’s digits or email address is the next-best solution.
Spam texts never seem to stop. Hopefully, the FCC can continue to crack down on these malicious users to stop the bombardment. Until then, employing best practices is your strongest tool against these scammers.
Share This
Ignore don’t open is my motto
but having a place to send the questionable emails phone numbers is a helpful solution with your carries hopefully will crack down on the ongoing onslaught of spammers