Phisher’s new social engineering trick: PDF attachments with malicious links.

As we continue to find ways to raise awareness and keep our environment secure. Please be aware of the new phishing trick.

The latest attacks through PDF attachments are geared towards pushing users to enter their email account credential into well-crafted phishing pages.

New Attack variants

The PDF makes it look like there has been an error, and the document can only be displayed with Microsoft Excel. But instead of actually opening it with their own software, potential victims are urged to open it by following the link offered in the PDF file.

STOP HERE. Why Adobe Reader is trying to open an Excel file? Adobe is for reading PDF file not Excel file. If you receive a similar email, delete it right away.

Another example, the PDF urges user to click on a link that will supposedly allow them to view a Dropbox-hosted document online. Again, they are redirected to a phishing page that “allows” them to view the document only if they log in with their email credentials:

STOP HERE. Why Dropbox is requiring you to enter your email credentials, not your Dropbox account? If you notice, the URL address is using HTTP not HTTPS to secure your session. This well crafted phishing page is designed to get your email from gmail, outlook, yahoo, Office 365, etc.

Social engineering attacks are designed to take advantage of possible lapses in decision-making. Awareness is key, that’s why we continue to share this article to all our readers to make these cybercriminal tactics known. Share with your family and friends.

Keep your software up to date.

Microsoft Edge through SmartScreen technology block these phishing pages from loading, but not Internet Explorer 11. Firefox latest version flags HTTP login pages as insecure. Please use the latest release of modern Internet Browser.

Source: HelpNetSecurity