Instead of having malicious links directly in an email, cybercriminals are now increasingly hiding them in pdf files that they can distribute in a variety of ways.
A new compilation made by the IT security company Palo Alto Networks shows that the use of pdf files to trick users into clicking on malicious links increased by as much as 1000 percent in 2020.
In 2019, Palo Alto Network’s analysts identified 411,800 malicious pdf files. By 2020, the number had grown to over five million.
Because the pdf files have a layout and design that looks credible, users are tricked into clicking on images or buttons in the files. The links usually do not lead to the phishing page itself, but the victim is quickly redirected to a number of different pages to make the attack as effective and invisible as possible.
According to Palo Alto Networks, there are five common attacks that are currently being distributed via pdf files:
1) Users are tricked into interacting with a fake captcha robot file that consists of only one image. A click on “continue” takes the user to a web page where phishing occurs.
2) An image or button in the document entices the user with an aggressive discount offer.
3) A static image with a play button tricks the user that there is an embedded movie that can be played.
4) The user is prompted to click to access a file shared by someone. An image from popular services such as Dropbox or Onedrive is often used.
5) Requests to update outdated customer or credit card information. Usually, the attacker here also copies the appearance from well-used and well-known e-commerce sites.
Palo Alto Networks urges Internet users to be extra careful about opening and clicking attachments that are not expected or that come from an unknown sender.