Hook attacks via PDF files: how to protect yourself

Hook attacks via PDF files: how to protect yourself


The era of cybersecurity: piercing the secrets behind the laptop screen

Illustration of a computer hacker with a laptop. Source: ONEC1

In a recent report, Zimperium security researchers have identified a new phishing campaign that uses malicious PDFs distributed by SMS and by email.

Here is what we know

These files contain hidden malicious links that redirect users to phishing websites where personal information such as names, addresses and details of credit cards are stolen. The method used by attackers to hide the links is particularly dangerous: instead of using the standard tag /URI, they use graphic overlays, which makes it difficult to detect the threat.

Example of a phishing attack using a PDF file.
Example of a phishing attack using a PDF file. Illustration: Zimperium

Mobile devices are particularly vulnerable to these attacks due to the reduced size of the screen, which limits the possibility of checking the content of the files before opening them. Zimperium’s survey made it possible to discover more than 20 malicious PDFs and 630 pages of phishing targeting organizations and individuals in more than 50 countries.

To protect yourself against phishing attacks, it is recommended to verify the sender information, including the accuracy of URL of the websites, to avoid opening messages from unknown shippers and to go directly On sites or banking applications rather than following the links appearing in messages.

Source : Zimperium, techradar

Related Articles