Security Alert: Fraudulent Phishing Emails with PDF Attachment

We’ve seen an influx of fraudulent “please review” phishing emails coming to our own staff this week, so this is a good time to remind you of these threats, which masquerade as legitimate emails.

The emails we are seeing are written to appear to come from a person at a legitimate company and contain a PDF attachment asking you to review invoices or other “important information.” They are sent from the accounts of individuals who have fallen for the trick and had their email address compromised. One of the messages we received was from a local company in Mukilteo. The compromise may have been caused by the person falling for the phishing attack and providing their username/password, a weak password, insecure servers or poor malware protection. The attackers may specifically target people in the compromised account’s contact list, since those people may be expecting to hear from that person and are more likely to fall for the request. Here’s an example of the text in one of these emails:

Hello,

Please review the below FirstName LastName (CompanyName) 11/15/2017 Official Documents

Kindly, click open file using supportive web browser. Document is securely send using PDF scanner. Feel free to contact me if you have any questions.

Note: Open Attached PDF and preview with Existing ID

The PDF attachment, once opened, contains a link to “Click Here” or “Sign In” to “unlock the document” or “view the invoice,” and you are encouraged to ignore any security warnings and to sign in with your “existing email ID.” This particular threat does not contain malware within the attachment; it preys upon the weakest link in the security chain – the user providing their information of their own free will. Remember that hackers frequently use social engineering techniques to manipulate users and obtain sensitive data. If you feel tricked, trust your instincts and don’t do what they’re asking of you.

So what happens if you click on the link? Possibly nothing in this case, although it’s better not to do so. So long as you exited the web page and didn’t provide any sensitive information, you likely thwarted the threat. If you did provide your information, you should immediately change your password on your account and any others that use the same credentials. Contact us ASAP and we can assist with this. Many phishing sites do contain payloads that attempt to load malicious files onto your PC without your consent, so the best course of action is to not take any chances: immediately delete any non-legitimate emails and do not click on any links.

To prevent the success of phishing techniques, you should always be leery of emails that are impersonal, from people you don’t know, or that do not address you by name. One trick is to mouse over a link to see where it will take you before you click on it. Links can sometimes be shortened with URL shorteners such as bitly, so this doesn’t always help, but if you don’t recognize where the link is taking you, treat it as suspicious.
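
For IT staff triaging a reported message, the same "where does this link really go" check can be done on the PDF attachment without opening it in a viewer. The following is an added example, not part of the original alert: it lists the link targets stored in a PDF and judges each by its real host. The function names, the shortener list, the trusted host and the sample PDF are all assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: a short sample list of shortener hosts, not an exhaustive one.
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co", "ow.ly"}
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def pdf_link_targets(pdf_bytes):
    """List the URLs behind a PDF's link actions without rendering the file."""
    chunks = [pdf_bytes]
    for match in STREAM.finditer(pdf_bytes):
        try:
            # Link objects often sit inside Flate-compressed streams.
            chunks.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            pass  # image, font, or a filter this sketch does not handle
    urls = []
    for chunk in chunks:
        for raw in URI_ACTION.findall(chunk):
            # Simplification: only backslash escapes are undone, not octal or hex strings.
            url = re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")
            if url not in urls:
                urls.append(url)
    return urls

def review_link(url, trusted_hosts):
    """Judge a link by its real host, which is what hovering over it reveals."""
    host = (urlsplit(url).hostname or "").lower()
    if host in SHORTENERS:
        return host, "shortened: destination hidden, treat as suspicious"
    if any(host == t or host.endswith("." + t) for t in trusted_hosts):
        return host, "recognized"
    return host, "not recognized: treat as suspicious"

# Constructed sample: one plain link annotation and one inside a compressed stream.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (http://login.example.test/unlock) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /URI /URI (https://bit.ly/EXAMPLE) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for link in pdf_link_targets(SAMPLE_PDF):
        print(link, "->", review_link(link, {"example.com"}))
```

A host only counts as recognized when it equals a trusted name or is a subdomain of it, so a lookalike such as `example.com.evil.test` is still reported as not recognized.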