Cybercriminals are always on the lookout for ways to trick you into believing something is legitimate. Even if they can only get you into ‘not quite sure’ mode, they may be able to execute their cunning plan, which is usually to get you to click on a link or download an attachment.
This week’s scammers have not let us down. The scam is based on the old attachment trick. Here’s what it looks like and what hidden gems are in our phishing email of the week.
The PDF Attachment Scam
There were several clues that this email was less than legitimate.
- The sender’s email address was clearly not an Apple email account:
authorizecodenumber-accountmail.recoveryid03538@omahosh.com
- The email uses the tricks of urgency and concern to encourage you to open an attachment. It purports to be a service email from an Apple account with the title:
“The latest issue of the account activity has been updated and received”
Notably, the title is not constructed well and doesn’t quite make sense.
Even with these clues you may not notice the signs as you worry about your account being compromised – we are all human and fallible; it is this fact that cybercriminals rely on.
Once the email is opened, you see a PDF attachment, with a warning in the body of the email:
“Check the activity of the last your account , things as we found its the activity of suspicious in the account.”
Again, the wording is badly composed and grammatically incorrect.
What is in the PDF Attachment?
PDF attachments in phishing emails are usually one of two things:
- Malware carriers
- Carriers of phishing links
This one is most definitely a malware carrier. Running the file through a security analyser shows that it is likely a keystroke sniffer, i.e., if your computer is infected with this malware it will steal login credentials and other data as you type it in.
Cybercriminals have also been using PDFs recently as a means to help evade detection. Instead of adding malicious links to an email, where some email gateways can detect and quarantine them, they have been including them in PDF files. If you open the PDF and click on one of the links, it will take you to a spoof web page in the same way a malicious link in a phishing email will.
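As an added example (not from the original article, and not an analysis of the attachment described here), the Python below lists the link targets embedded in a PDF without opening it in a viewer, including links held in compressed streams, and flags any host outside the brand the email claims to come from. The function names, the sample PDF and the example.net / example.org hosts are constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
LITERAL_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)  # /URI (http://...)
HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")          # /URI <68747470...>

def extract_pdf_uris(data: bytes) -> list[str]:
    """Return URI action targets from raw PDF bytes without rendering the file."""
    chunks = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # Link objects may sit inside Flate-compressed object streams.
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # image, font, or a filter other than FlateDecode
    uris = []
    for chunk in chunks:
        # Literal strings: undo the \( \) \\ escapes.
        found = [re.sub(rb"\\([()\\])", rb"\1", m.group(1))
                 for m in LITERAL_RE.finditer(chunk)]
        for m in HEX_RE.finditer(chunk):
            digits = b"".join(m.group(1).split())
            # PDF pads an odd-length hex string with a trailing 0.
            found.append(bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode()))
        for raw in found:
            uri = raw.decode("latin-1")
            if uri not in uris:
                uris.append(uri)
    return uris

def off_brand(uris: list[str], brand_domain: str) -> list[str]:
    """Links whose host is neither brand_domain nor one of its subdomains."""
    hosts = [(u, (urlsplit(u).hostname or "").lower()) for u in uris]
    return [u for u, h in hosts
            if h != brand_domain and not h.endswith("." + brand_domain)]

def sample_pdf() -> bytes:
    # Constructed sample: one visible link object plus two links kept
    # inside a compressed object stream (one literal, one hex-encoded).
    lookalike = b"http://apple.com.example.org/id".hex().encode()
    hidden = zlib.compress(
        b"<< /S /URI /URI (http://login.example.net/verify\\(1\\)) >>\n"
        b"<< /S /URI /URI <" + lookalike + b"> >>")
    return (b"%PDF-1.5\n1 0 obj\n<< /Subtype /Link /A << /S /URI "
            b"/URI (https://support.apple.com/) >> >>\nendobj\n"
            b"2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
            + hidden + b"\nendstream\nendobj\n%%EOF\n")
```

Calling `off_brand(extract_pdf_uris(sample_pdf()), "apple.com")` returns the two links whose hosts are not under apple.com, including the lookalike host that merely begins with the brand name.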
Cybercriminals are crafty. The best defence is knowing what tricks they use. However, you should also keep your operating system and other software up to date with security patches and run anti-malware software, just to cover all bases.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit and copy/paste the advice below:
The PDF Attachment Scam(s)
Caution should be taken when receiving an unsolicited email that contains a PDF document. If the email looks at all suspicious, be extra careful. The PDF may be infected with malware that steals login credentials and other data. If not infected, any links inside the PDF may take you to an illegitimate phishing site.
DO NOT OPEN THE PDF DOCUMENT OR CLICK ANY LINKS IN THE PDF
For more information on what to do if you receive a phishing email, check out “What to Do if You Click on a Phishing Link?”