URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/pdf-phishing-beyond-the-bait/
Submission: On December 05 via api from TR — Scanned from DE

PDF PHISHING: BEYOND THE BAIT



McAfee Labs

Dec 04, 2023

By Lakshya Mathur & Yashvi Shah 

Phishing attackers aim to deceive individuals into revealing sensitive
information for financial gain, credential theft, corporate network access, and
spreading malware. This method often involves social engineering tactics,
exploiting psychological factors to manipulate victims into compromising actions
that can have profound consequences for personal and organizational security.

Over the last four months, McAfee Labs has observed a rising trend in the
utilization of PDF documents for conducting a succession of phishing campaigns.
These PDFs were delivered as email attachments.

Attackers favor using PDFs for phishing because the file format is widely
trusted. PDFs, commonly seen as legitimate documents, provide a
versatile platform for embedding malicious links, content, or exploits. By
leveraging social engineering and exploiting the familiarity users have with PDF
attachments, attackers increase the likelihood of successful phishing campaigns.
Additionally, PDFs offer a means to bypass email filters that may focus on
detecting threats in other file formats.

The observed phishing campaigns using PDFs were diverse, abusing various brands
such as Amazon and Apple. Attackers often impersonate well-known and trusted
entities, increasing the chances of luring users into interacting with the
malicious content. Additionally, we will delve into distinct types of URLs
utilized by attackers. By understanding the themes and URL patterns, readers can
enhance their awareness and better recognize potential phishing attempts.



Figure 1 – PDF Phishing Geo Heatmap showing McAfee customers targeted in the
last 1 month


DIFFERENT THEMES OF PHISHING

Attackers employ a range of corporate themes in their social engineering tactics
to entice victims into clicking on phishing links. Notable brands such as
Amazon, Apple, Netflix, and PayPal, among others, are often mimicked. The PDFs
are carefully crafted to induce a sense of urgency in the victim’s mind,
utilizing phrases like “your account needs to be updated” or “your ID has
expired.” These tactics aim to manipulate individuals into taking prompt action,
contributing to the success of the phishing campaigns.

Below are some of the examples:



Figure 2 – Fake Amazon PDF Phish



Figure 3 – Fake Apple PDF Phish



Figure 4 – Fake Internal Revenue Service PDF Phish



Figure 5 – Fake Adobe PDF Phish

Below are the stats on the volume of various themes we have seen in these
phishing campaigns.



Figure 6 – Different themed campaign stats based on McAfee customer hits in the
last 1 month


ABUSE OF LINKEDIN AND GOOGLE LINKS

Cyber attackers are exploiting the popular professional networking platform
LinkedIn and leveraging Google Apps Script to redirect users to phishing
websites. Let us examine each method of abuse individually.

In the case of LinkedIn, attackers are utilizing smart links to circumvent
antivirus and other security measures. Smart links are integral to the LinkedIn
Sales Navigator service, designed for tracking and marketing business accounts.





Figure 7 – LinkedIn Smart link redirecting to an external website

By employing these smart links, attackers redirect their victims to phishing
pages. This strategic approach allows them to bypass traditional protection
measures, as the use of LinkedIn as a referrer adds an element of legitimacy,
making it more challenging for security systems to detect and block malicious
activity.

In addition to exploiting LinkedIn, attackers are leveraging the functionality
of Google Apps Script to redirect users to phishing pages. Google Apps Script
serves as a JavaScript-based development platform used for creating web
applications and various other functionalities. Attackers embed malicious or
phishing code within this platform, and when victims access the associated URLs,
it triggers the display of phishing or malicious pages.



Figure 8 – Amazon fake page displayed on accessing Google script URL

As shown in Figure 8, when victims click on the “Continue” button, they are
subsequently redirected to a phishing website.
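
For mail triage, the links in a PDF attachment can be pulled out and checked for the two hand-off services described above. The following is an added example, not McAfee's code or detection logic; the URL shapes (`linkedin.com/slink?code=...` and `script.google.com/macros/s/<id>/exec`), the function names and the sample bytes are assumptions made for illustration, and only uncompressed objects with literal-string URIs are covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# /URI (literal string) inside a link annotation's action dictionary.
# Only uncompressed objects and literal (not hex) strings are covered.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")

def extract_uris(pdf_bytes):
    """Return the targets of URI actions found in raw PDF bytes."""
    uris = []
    for m in URI_RE.finditer(pdf_bytes):
        raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))  # undo \( \) \\ escapes
        uris.append(raw.decode("latin-1"))
    return uris

def classify(url):
    """Label links that hand off through the two services the post names."""
    try:
        parts = urlsplit(url)
    except ValueError:                   # malformed URL: nothing to label
        return None
    host = parts.hostname or ""          # urlsplit lowercases the hostname
    path = parts.path
    # Assumed smart-link shape: linkedin.com/slink?code=<id>
    if host in ("linkedin.com", "www.linkedin.com") and path.rstrip("/") == "/slink":
        if "code" in parse_qs(parts.query):
            return "linkedin-smart-link"
    # Assumed Apps Script web-app shape: script.google.com/macros/s/<id>/exec
    if (host == "script.google.com" and path.startswith("/macros/s/")
            and path.endswith("/exec")):
        return "google-apps-script"
    return None

def triage(pdf_bytes):
    """Return (url, label) pairs for links that deserve a closer look."""
    hits = []
    for url in extract_uris(pdf_bytes):
        label = classify(url)
        if label is not None:
            hits.append((url, label))
    return hits

# Constructed sample: three link annotations, not taken from a real campaign.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (https://www.linkedin.com/slink?code=EXAMPLE) >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (https://script.google.com/macros/s/EXAMPLE_ID/exec) >> >> endobj\n"
    b"3 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (https://www.example.com/help\\(faq\\)) >> >> endobj\n"
)

if __name__ == "__main__":
    for url, label in triage(SAMPLE_PDF):
        print(label, url)
```

Both services have legitimate uses, so a hit marks the attachment for sandboxed redirect resolution and review, not for an automatic verdict.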

Summary

Crafting highly convincing PDFs mimicking legitimate companies has become
effortlessly achievable for attackers. These meticulously engineered PDFs create
a sense of urgency through skillful social engineering, prompting unsuspecting
customers to click on embedded phishing links. Upon taking the bait, individuals
are redirected to deceptive phishing websites, where attackers request sensitive
information. This sophisticated tactic is deployed on a global scale, with these
convincing PDFs distributed to thousands of customers worldwide. Specifically,
we highlighted the increasing use of PDFs in phishing campaigns over the past
four months, with attackers adopting diverse themes such as Amazon and Apple to
exploit user trust. Notably, phishing tactics extend to popular platforms like
LinkedIn, where attackers leverage smart links to redirect victims to phishing
pages, evading traditional security measures. Additionally, Google Apps Script
is exploited for its JavaScript-based functionality, allowing attackers to embed
malicious code and direct users to deceptive websites.

Remediation

Protecting oneself from phishing requires a combination of awareness, caution,
and security practices. Here are some key steps to help safeguard against
phishing:

 * Be Skeptical: Exercise caution when receiving unsolicited emails, messages,
   or social media requests, especially those with urgent or alarming content.
 * Verify Sender Identity: Before clicking on any links or providing
   information, verify the legitimacy of the sender. Check email addresses,
   domain names, and contact details for any inconsistencies.
 * Avoid Clicking on Suspicious Links: Hover over links to preview the actual
   URL before clicking. Be wary of shortened URLs, and if in doubt, verify the
   link’s authenticity directly with the sender or through official channels.
 * Use Two-Factor Authentication (2FA): Enable 2FA whenever possible. This adds
   an extra layer of security by requiring a second form of verification, such
   as a code sent to your mobile device.

McAfee provides coverage against a broad spectrum of active phishing campaigns,
offering protection through features such as real-time scanning and URL
filtering. While it enhances security against various phishing attempts, users
must remain vigilant and adopt responsible online practices along with using
McAfee.
