Phishing attacks using PDF files have spiked over the past year, according to researchers at Palo Alto Networks’ Unit 42.
“From 2019 to 2020, we noticed a dramatic 1,160% increase in malicious PDF files – from 411,800 malicious files to 5,224,056,” the researchers write. “PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with a plain link.”
Researchers identified five common types of PDF phishing, detailed below.
- Fake CAPTCHA: The most common form of PDF phishing uses an image of a fake CAPTCHA to trick victims into clicking the “Continue” button, which leads to a malicious site.
- Coupon: Coupon phishing uses an image that appears to be a coupon and tells victims to click the picture to get 50% off a product. Once clicked, the “coupon” brings users to a malicious site.
- Static Image with a Play Button: The third type of PDF phishing uses images that appear to be paused videos but lead to a phishing site. “Although we observed several categories of images, a significant portion of them either used nudity or followed specific monetary themes such as Bitcoin, stock charts and the like to lure users into clicking the play button,” Unit 42 says.
- File-Sharing: File-sharing PDF phishing utilizes popular online file-sharing services to grab the user’s attention. They often inform the user that someone has shared a document with them. However, the user cannot see the content and needs to click on an embedded button or a link, which leads to a malicious site.
- E-commerce: Some fraudulent PDF files use common e-commerce brands to trick users into clicking on malicious embedded links.
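All five lures above share one mechanism: a picture or button sits on top of a PDF link annotation whose /URI action points at the phishing site, so a defender can surface those targets before anyone clicks. The script below is an added example (not code from Unit 42 or this article): stdlib-only Python that pulls /URI targets and /Launch actions out of a PDF, including ones stored in FlateDecode streams, and flags any host not on an allowlist; both sample PDFs and the allowlist hosts are constructed for the example.

```python
import re
import zlib
from urllib.parse import urlparse

# Constructed sample: a minimal PDF whose page carries a link annotation with a
# /URI action, the same construct the fake-CAPTCHA and coupon lures hide under an image.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 50]
   /A << /S /URI /URI (http://example.invalid/continue) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed second sample: the same kind of annotation inside a FlateDecode stream,
# which is how real generators usually store objects (so a plain grep would miss it).
COMPRESSED_PDF = (b"%PDF-1.5\n5 0 obj << /Filter /FlateDecode >>\nstream\n"
                  + zlib.compress(b"<< /Subtype /Link /A << /S /URI /URI (https://evil.invalid/x) >> >>")
                  + b"\nendstream\nendobj\n")

URI_RE = re.compile(rb"/URI\s*\((?P<uri>[^)]*)\)")   # literal strings only; hex strings and escaped ')' not handled
LAUNCH_RE = re.compile(rb"/S\s*/Launch")              # /Launch runs an external file; almost never legitimate
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

def inflate_streams(data: bytes) -> bytes:
    """Return the file plus the inflated body of every FlateDecode stream it contains."""
    extra = []
    for m in STREAM_RE.finditer(data):
        try:
            extra.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data (image, other filter); nothing to inspect here
    return data + b"\n".join(extra)

def extract_link_targets(data: bytes) -> list[str]:
    """Every /URI target in the PDF, compressed objects included, decoded as text."""
    return [m.group("uri").decode("latin-1") for m in URI_RE.finditer(inflate_streams(data))]

def suspicious_links(data: bytes, allowed_hosts: set[str]) -> list[str]:
    """Flag link targets whose host is off the allowlist, plus any /Launch action."""
    flagged = [uri for uri in extract_link_targets(data)
               if (urlparse(uri).hostname or "") not in allowed_hosts]
    if LAUNCH_RE.search(inflate_streams(data)):
        flagged.append("<Launch action present>")
    return flagged
```

Run `suspicious_links(open(path, "rb").read(), {"your-file-share.example"})` over a mail-gateway quarantine to list where each "Continue" or "Play" button really goes; an empty result only means the annotations were found clean, not that the file is safe.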
The researchers conclude that users need to pause and think when they receive a suspicious file.
“Data from recent years demonstrates that the amount of phishing attacks continues to increase, and social engineering is the main vector for attackers to take advantage of users,” the researchers write. “Prior research has shown that large-scale phishing can have a click-through rate of up to 8%. Thus, it is important to verify and double-check the files you receive unexpectedly, even if they are from an entity you know and trust.”
Information used in this article was provided by our partners at KnowBe4.