We’ve reported on the growing number of phishing scams using PDF files to lure people into clicking links. Well, here’s a variation.
In this variety of phish, you receive an attachment that claims to be a locked PDF (as shown in the screenshot to the left). If you click Open, you’re prompted for your username and password. Provide them, and you’ve just surrendered your UDelNet credentials to the scammer.
We heard from one person who had been hooked by this phish. Once he realized that he’d fallen for a scam, he immediately changed his UDelNet password. Since he has two-factor authentication (2FA) turned on, his information would probably have been safe anyway, but now he’s double sure his account won’t be stolen.
Your takeaways?
- Be wary of unexpected attachments, even those allegedly sent by people you know.
- Sign up for 2FA at UD, Amazon, banks that offer it, Gmail, Yahoo!–any place that offers two-step/two-factor authentication to protect your account.
- Think B4 U Click!