- Phishing emails carrying PDF attachments are on the rise, report warns
- Check Point highlights how hackers love PDFs for customization
- Social engineering attacks using PDFs are also on the rise
At least one in every five phishing emails carries a .PDF attachment, researchers are saying, warning that the popular file format is being increasingly used in social engineering attacks.
A new report from Check Point Research claims PDF-based attacks now account for 22% of all malicious email attachments, making them particularly concerning for businesses sharing large quantities of these files every day.
In earlier years, many of the attacks relied on JavaScript or other dynamic content being embedded within the files. While this approach is still seen in the wild, it has become less common, since JavaScript-based attacks tend to be “noisy” and easier to detect by security solutions.
Email remains one of the most popular attack vectors out there, with more than two-thirds (68%) of cyberattacks beginning this way.
Customizing the link
Today, cybercriminals are pivoting towards a simpler, more effective approach, Check Point says – social engineering.
Generally speaking, the attacks don’t differ much from your usual phishing email. The PDF attachment would serve as a launch pad, often carrying a link that would redirect a person to a malicious landing page or a website hosting malware.
That way, the malicious links are hidden from security filters, making sure the files are received straight to the inbox.
Furthermore, placing the link in a PDF gives the attackers full control – they can change the text, the image, or any other aspect of the link, making it more trustworthy.
The files are often designed to mimic trusted brands like AmazonDocuSign, or Acrobat Reader.
“Even though these attacks involve human interaction (the victim must click the link), this is often an advantage for attackers, as sandboxes and automated detection systems struggle with tasks that require human decision-making,” Check Point concluded.