Kingston Police say cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file.
PDF documents can contain links and buttons, form fields, audio, and video embedded in the content. They can be signed electronically and viewed easily on various platforms. Unfortunately, these same features make PDFs an effective way for cybercriminals to get creative and trick victims into clicking on malicious links, Kingston Police said in a release dated Thursday, Apr. 22, 2021.
“One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with,” said Constable Ash Gutheinz, Media Relations Officer, C.O.R.E. Unit. “The PDF may include a fake captcha image with the ‘I am not a robot’ checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.”
Don’t fall for these tricks! Kingston Police shared the following tips:
- Never click or download an attachment in an email that you were not expecting.
- Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
- If you receive a suspicious email at your workplace, be sure to contact your IT department or follow the specific procedure for your organization.
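For IT teams triaging a reported attachment, the lure described above (a picture with a link laid over it) can be spotted by listing a PDF's link annotations and flagging any whose clickable rectangle covers a large share of the page. This is an added example, not part of the Kingston Police release; the sample PDF fragment, the `.example` URLs, the 25% threshold and the function names are constructed for illustration, and the regex scan assumes the PDF's objects are stored uncompressed.

```python
import re

# Constructed sample: uncompressed fragment of a one-page PDF that shows an
# image (Im0) with one large link annotation over it and one small footer link.
SAMPLE_PDF = b"""%PDF-1.4
3 0 obj
<< /Type /Page /MediaBox [0 0 612 792] /Annots [5 0 R 6 0 R]
   /Resources << /XObject << /Im0 4 0 R >> >> >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /Rect [56 200 556 700]
   /A << /S /URI /URI (http://lure.example/verify) >> >>
endobj
6 0 obj
<< /Type /Annot /Subtype /Link /Rect [56 40 200 54]
   /A << /S /URI /URI (https://intranet.example/help) >> >>
endobj
"""

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
BOX_RE = rb"\[\s*([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s*\]"
RECT_RE = re.compile(rb"/Rect\s*" + BOX_RE)
MEDIA_RE = re.compile(rb"/MediaBox\s*" + BOX_RE)
URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)

def _area(match):
    """Area of a PDF rectangle [x0 y0 x1 y1] captured by BOX_RE."""
    x0, y0, x1, y1 = (float(v) for v in match.groups())
    return abs(x1 - x0) * abs(y1 - y0)

def link_annotations(pdf_bytes):
    """Return (uri, share_of_page) for each URI link annotation found.

    Assumption: objects are uncompressed; the first /MediaBox is the page size.
    """
    media = MEDIA_RE.search(pdf_bytes)
    page_area = _area(media) if media else 612.0 * 792.0  # fall back to US Letter
    found = []
    for body in OBJ_RE.findall(pdf_bytes):
        if not re.search(rb"/Subtype\s*/Link", body):
            continue  # not a link annotation
        rect, uri = RECT_RE.search(body), URI_RE.search(body)
        if rect and uri:
            found.append((uri.group(1).decode("latin-1"), _area(rect) / page_area))
    return found

def suspicious_links(pdf_bytes, min_share=0.25):
    """Links whose clickable area covers at least min_share of the page."""
    return [(u, round(s, 2)) for u, s in link_annotations(pdf_bytes) if s >= min_share]
```

PDFs that store annotations in compressed object streams need to be decompressed with a PDF parser before this scan will see them.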