Cybercriminals are trying to trick you with PDFs that contain malicious content. You receive an email with a PDF attachment that appears to be from a major organization like Microsoft, DocuSign, or PayPal. The subject of the email seems alarming and makes it appear that you have an issue with your account. If you open the PDF attachment, it contains official logos and professional formatting. It appears legitimate, and the instructions direct you to call a customer service phone number.
But this PDF file is actually a phishing attempt. The phone number is fake, and if you call, a cybercriminal will answer and pretend to be a customer support representative. They will try to trick you into installing malware on your device. They will also try to manipulate you into giving them your user credentials or financial information so that they can solve the “problem” with your account. This type of scam can be very effective because you may be more likely to trust a voice over the phone, especially if they claim that they are trying to help you.
Follow these tips to avoid falling victim to a phishing scam:
Be suspicious of unexpected emails, especially those containing attachments. You should never open an attachment unless you are sure who sent it.
Be cautious when contacting an organization using information provided in an email. It’s always safer to use the contact information listed on an organization’s official website.
Remember that legitimate organizations rarely send urgent requests through PDF attachments. Cybercriminals will often attempt to create a sense of urgency to trick you into acting impulsively.
A vigilant workforce is the most effective defense against these attacks. Reach out to access training and simulations that empower your team to recognize and respond to attacks like this one.
