Security researchers have found that hackers are using a rather new technique that involves phishing using PDF attachments to steal your email credentials.
In a recent Microsoft blog, folks over at malware prevention team pointed that the above-mentioned phishing activity that usually occurs during the holiday season has not go down this winter. However, this time with the new spam campaign all featuring PDFs, there is a little less exploit code or malware.
Instead of using more “traditional” techniques, hackers now are relying on the social engineering to lead the victims to their phishing pages where they will be attacked by asking them and divulging the sensitive information. It is not known just how many normal people are victims to these attacks, but Microsoft wants everyone to cautious of how they could be affected.
To which extent, there are many examples of how you may fall victim to a phishing scam without having any idea on whats going on.
One method identified by the Microsoft is when these PDF attachments have been sent they are made to look just as if they come from good and legitimate company. In that case, the PDF is a quotation for a product or a service, for instance. Therefore, you should pay extra attention when receiving such emails, because even if they look real, they might be spoofed, so do check the address they’re coming from. When opened, the mail displays a message that you’ll need to open with Excel, but instead sends you to a new page where you will have to input your credentials to get access to it.
Of course, this is all a ruse, and it shows why it is important to have the latest browser versions installed. Firefox and Chrome, for instance, have both started flagging down unsecured connections where your information is required.