Let’s take a look at a PDF phishing scam that may be lurking in your inbox.

 

How PDF phishing scams work

Cybercriminals attempt to trick you by sending malicious PDF attachments to your inbox. The emails mimic trustworthy organizations, such as your utility company, an online retailer, or even your bank. The email has an attachment, featuring an official logo and professional formatting, and at a quick glance, may appear legitimate. The email instructs you to call the provided customer support number or click the link to resolve an issue.

 

Here's the catch

  • The phone number is fake, and if you call it, a cybercriminal might answer, pretending to be a customer service agent. They may "help" you install malware on your device. They may also try to convince you to give them your user credentials or account information so they can resolve the "problem" with your account. 
  • The link may install malware on your device without you knowing.

 

Protect yourself

Here are safe ways to handle suspicious, or better yet, all emails

  1. Be very cautious of unexpected emails. 
    Scammers are clever, and PDFs can appear nearly identical to a genuine document. Don’t be in a hurry to resolve the issue. Pause and verify before acting.
     
  2. Be careful when reaching out to organizations - verify their contact information before making contact.
    Scammers create fake websites, phone numbers, email addresses and support staff that may appear official. Don’t rely on the contact information provided in the email or PDF attachment. Take the time to visit the organization’s official website or log in to your account to get in touch.
     
  3. Verify the email’s legitimacy.
    While an email may look legit, it may be a trap. Any email that pressures you to act quickly or threatens legal action is a red flag, especially if it arrives in your inbox without prior notice or consent. Pause and verify before acting. A quick web search or call to the company’s official number can protect you from a scam.

 

Think before you click or call.

Want more safety and security tips? Visit our Security Center for tools, best practices, and alerts to help you stay ahead of scammers.

 

A big thanks to our friends at KnowBe4, who help keep us Security Aware.