As we’ve been reporting this summer, more and more phishing scams are coming in using attached PDF files to try to bypass standard email security protocols.

Here’s info on one reported to us today:

  • It comes from Nigeria via a hacked UD account — someone who fell for a previous phishing scam and did not have two-factor authentication (2FA) turned on.
  • The subject line is reported to be “DOCUMENT.” The message is brief, and instructs the reader to open the attached document.
  • The message includes a “Secured PDF Online Document” that unwary email readers will click because of the way the blurred image looks: Is that a health insurance provider’s logo to the top left? What’s “APPROVED” to the lower right?
    [Image: fake PDF]
  • See this attachment? Delete the message!

Email anti-spam detection is getting better. More phishing emails that contain a link to a malicious site in the body of an email are getting filtered out of people’s inboxes.

So the hackers are using tactics that rely on malicious attachments or malicious links embedded in attachments. The automated filtering used by most email services has not yet caught up to this trick. Therefore, we caution you to be especially wary of PDF attachments that seem a trifle shady — and whose main goal is to get you to click a link.
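
A mail administrator can surface this pattern by listing the links that appear only inside a PDF attachment and not in the message body. The following is an added example, not part of the original notice; the sample message, addresses, URL and function names are constructed for illustration, and the scan only sees links stored uncompressed in the PDF.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Matches the target of a PDF URI action: /URI (https://...). Handles escaped
# characters; misses links in compressed object streams or hex strings.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
BODY_LINK_RE = re.compile(r"https?://\S+")

def pdf_link_targets(pdf_bytes):
    """Return the link targets found in uncompressed PDF bytes."""
    return [re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")
            for raw in URI_RE.findall(pdf_bytes)]

def triage(raw_message):
    """List PDF attachments and the links they carry that the body does not."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_links = set(BODY_LINK_RE.findall(body.get_content() if body else ""))
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"%PDF-"):   # trust magic bytes, not the filename
            continue
        hidden = [u for u in pdf_link_targets(data) if u not in body_links]
        findings.append({"filename": part.get_filename(),
                         "subject": str(msg["Subject"]),
                         "attachment_only_links": hidden})
    return findings

# Constructed sample: a fragment with one link annotation, not a complete PDF.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
              b"/Rect [0 0 612 792] /A << /S /URI "
              b"/URI (https://login.example.invalid/verify) >> >>\nendobj\n%%EOF\n")

def build_sample():
    """Constructed message modeled on the report: brief body, PDF attached."""
    msg = EmailMessage()
    msg["Subject"] = "DOCUMENT"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "reader@example.invalid"
    msg.set_content("Please open the attached document.")
    msg.add_attachment(SAMPLE_PDF, maintype="application", subtype="pdf",
                       filename="document.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

An empty `attachment_only_links` list does not clear an attachment, since the link may sit in a compressed stream that this scan cannot read.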

Sign up for 2FA at UD, at other email services, at Amazon, at your bank, wherever you can. And above all,

Think B4 U Click!