There has been a surge in phishing since the beginning of the COVID-19 pandemic in early 2020, and there is no sign, or likelihood, that this will ease off, due to the massive profits that cybercriminals are making from these attacks. Hackers continue to devise new and more believable strategies as individuals and groups become aware of their attack methods and cybersecurity measures are enhanced to tackle them. Recently, a sharp focus from hackers on leveraging PDF files for phishing purposes has been noticed.

PDF files can carry rich content such as URLs, pictures, GIFs, and internal scripts linked to the file. In the most recent string of attacks, phishing campaigns incorporate PDF attachments that use a range of tactics to bring users to a malicious site in an attempt to harvest data. Here are five styles of PDF phishing attacks to be aware of at present:

  1. File Sharing and Phishing: The majority of web users have either a Google Drive account or a Microsoft OneDrive account. Access to one of these will give hackers enough info and private data to. Cybercriminals use PDF files to make viewers hand over the private login details that will allow them to infiltrate targeted victim accounts. The picture shows a prompt that will grant access to a file, which the user instinctively knows they should click on within their cloud drive. However, a phishing page appears when the user clicks the URL. This phishing page is identical to OneDrive or Google Drive’s landing page, so users who do not see the actual domain name in their browser window will just hand over their username and password details. Once they do this, the hacker will receive them and be able to access the cloud drive account.
  2. Fake CAPTCHA Redirects: A CAPTCHA is a recognized symbol for Internet users and therefore is a straightforward way to fool users into visiting a URL. This attack features the hacker placing an image of the common Google CAPTCHA interface within the sent email. Users recognize the image and choose “Continue” and expect to see the website that they are attempting to access. When the link is visited, the user is taken to a cybercriminal-controlled site where users must hand over their private information.
  3. Ecommerce Site Scams: The most recent PDF phishing attacks feature popular ecommerce logos to trick users into thinking that clicks are genuine. Ecommerce portals often require private information and credit card data, so attackers can obtain products using the targeted victim’s information. In some cases the PDF file might include the official Amazon logo and request users to visit the link to buy products. Rather than visiting Amazon in the user’s browser, a cybercriminal-controlled website pretending to be the legitimate portal asks users to authenticate. When users hand over their credentials, the cybercriminal gains their login information to access their ecommerce account.
  4. Play Buttons on Static Images: If there is a play button present on a picture it will, typically, be clicked on in order to play a video. A recent scam, targeting cryptocurrency traders and investors, gets PDF readers to open the file in the hope that they will click the link on the fake video image. Rather than playing a video, users are taken to a phishing website that asks them to hand over their credit card information for a dating portal.
  5. Using Popular Logos for Malicious Redirects: It is not difficult to prompt users to click links using recognizable logos. When hackers use a logo from a well-known brand, they can fool users into clicking the logo. With this attack, an image of a well-known brand is placed within the PDF file with the offer of a discount. It appears to be the same as a common brand sale, so it fools users into clicking on the image. After the user does so, a browser opens and targets a redirect site. The redirect site then serves an attacker-controlled phishing page to the user. Just like with the CAPTCHA scam, users who do not realize that the redirect is not what it seems may hand over private data or login credentials to access the platform.
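
All five styles rely on a clickable region in the PDF whose target is not the site the image suggests. As an added example (not from the original article or any vendor's product), the Python below lists the `/URI` link targets in a PDF and flags those that are not on an allowlist. The allowlist, the constructed sample bytes and the function names are assumptions, and links stored inside compressed object streams are not visible to this raw scan.

```python
import re
from urllib.parse import urlsplit

# Hosts treated as genuine: an assumed allowlist for this example.
TRUSTED_HOSTS = {"drive.google.com", "onedrive.live.com", "www.amazon.com"}

LITERAL_URI = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)   # /URI (https://...)
HEX_URI = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")           # /URI <68747470...>

def extract_link_targets(pdf_bytes):
    """Return URLs of /URI link actions found in uncompressed PDF objects."""
    urls = []
    for m in LITERAL_URI.finditer(pdf_bytes):
        raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))  # undo \( \) \\ escapes
        urls.append(raw.decode("latin-1"))
    for m in HEX_URI.finditer(pdf_bytes):
        digits = b"".join(m.group(1).split())
        digits += b"0" * (len(digits) % 2)  # PDF pads an odd final digit with 0
        urls.append(bytes.fromhex(digits.decode("ascii")).decode("latin-1"))
    return urls

def suspicious_links(pdf_bytes, trusted=TRUSTED_HOSTS):
    """Return (url, reason) pairs for link targets that should not be trusted."""
    findings = []
    for url in extract_link_targets(pdf_bytes):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() != "https":
            findings.append((url, "not https"))
        elif host in trusted:
            continue
        elif any(name in host for name in trusted):
            # A genuine hostname used as a prefix or label of another domain.
            findings.append((url, "trusted name inside untrusted host"))
        else:
            findings.append((url, "host not on allowlist"))
    return findings

# Constructed sample: three link annotations from a PDF body (not a real file).
SAMPLE_PDF = (
    b"5 0 obj << /Subtype /Link /A << /S /URI"
    b" /URI (https://onedrive.live.com.files-share.example/login) >> >> endobj\n"
    b"6 0 obj << /Subtype /Link /A << /S /URI"
    b" /URI (http://203.0.113.7/captcha) >> >> endobj\n"
    b"7 0 obj << /Subtype /Link /A << /S /URI /URI <"
    + b"https://drive.google.com/".hex().encode() + b"> >> >> endobj\n"
)

if __name__ == "__main__":
    print(*suspicious_links(SAMPLE_PDF), sep="\n")
```
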


Using email filters to stop these attacks will mean that malicious attachments are recognized and prevented from reaching the intended recipient’s inbox. A SpamTitan email filter blocks spam, viruses, malware, phishing attempts and other email threats that are targeting companies, MSPs and educational bodies worldwide.