Beware PDF: researchers reveal how attackers are using PDFs to steal data via SMS and Email
In a recent report, security researchers at Zimperium have identified a new phishing campaign that utilises malicious PDFs distributed via SMS and email.
Here's What We Know
These files contain hidden malicious links that redirect users to phishing websites where personal information such as names, addresses and credit card details are stolen. The method used by attackers to hide the links is particularly dangerous: instead of using the standard /URI tag, they use graphic overlays, making it difficult to detect the threat.
An example of a phishing attack using a PDF file. Illustration: zimperium
Mobile devices are particularly vulnerable to these attacks due to the smaller screen size, which limits the ability to check the content of files before opening them. Zimperium's investigation uncovered more than 20 malicious PDFs and 630 phishing pages targeting organisations and individuals in more than 50 countries.
To protect against phishing attacks, it is recommended to verify sender information, including the accuracy of website URLs, avoid opening messages from unknown senders, and navigate to banking sites or apps directly rather than following links from messages.
