
Email Phishing Attack by Social Engineering Techniques via PDF Attachments


Email phishing attack by social engineering techniques via PDF attachments – This is one of the newest online scams, in which phishers use PDF attachments to steal email credentials, even from technical users. The social engineering techniques they use are simple but clever. PDF-like attachments are used in online email phishing attacks that ask the victim to enter sensitive credential information. These cybercriminals use social engineering techniques as a weapon to deliver their payload from the web. This article illustrates how phishers target their victims. They use two major approaches to target innocent victims.

How Do Phishers Target Victims via PDF Attachments

Online Email Phishing Attack Idea 1 –

The phishers attach fraudulent PDF files to email messages that pretend to be official communication, such as a “quotation of a product or service from a legitimate company”.

When you open the attachment, it is an actual PDF file that is made to look like an error message. It contains an instruction to open the document with Microsoft Excel. In reality, the file is linked to a website.

When you click to open the document with Microsoft Excel, it takes you to a website. On this website the social engineering attack continues with a message that the document is protected because it is confidential and that you need to sign in with your email credentials.

Note – If a user is using Microsoft Edge or Microsoft SmartScreen, the website is blocked and the phishing activity is stopped.

If you are using any other browser, the website is not blocked and the attack continues. You are now asked to enter your email address and password. The website is designed so well that it looks as if you are opening an Excel file, but in reality the Excel-looking file is just an image.

If a user falls for these social engineering tricks and enters email credentials, they are redirected to a page which says “The document is protected because it is confidential and you need to sign in with your valid email to view it”, even though the credentials entered were correct. At this point the phishers have your email credentials saved. Once they have access to your email, the attackers can launch further phishing attacks against your contacts, or gain access to your social networking, online banking, or online gaming accounts.

Online Dropbox Phishing Attack Idea 2 –

In this case you receive a PDF file from Dropbox and are told you need to log in using your email credentials. Clicking the link redirects you to a fake Dropbox login page that gives you multiple options to sign in, using either Google, Outlook, AOL, Yahoo or other email credentials. If you enter your login details, an actual PDF document opens in a window. The actual PDF is opened so that you do not immediately suspect you have been phished. By this time the attackers have your credentials and are ready to attack.
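
In both ideas above the PDF attachment carries nothing but a link to the credential-harvesting page, so a mail filter or analyst can list the link targets inside an attachment before anyone clicks. The following is an added example, not code from the original article; the sample bytes, the `example.invalid` hosts and the allow-list are constructed assumptions, and it scans raw and Flate-compressed objects only, so encrypted PDFs are not covered.

```python
import re
import zlib
from urllib.parse import urlsplit

# A PDF link action stores its target as "/URI (text)" or "/URI <hex>".
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def _inflated_streams(data):
    """Yield the body of every stream that inflates as Flate (zlib) data."""
    for m in STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes left before "endstream"
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # image, font or encrypted stream: nothing to scan

def extract_link_targets(pdf_bytes):
    """Return the sorted, unique URI targets in the raw and inflated PDF bytes."""
    found = set()
    for blob in (pdf_bytes, *_inflated_streams(pdf_bytes)):
        for m in URI_LITERAL.finditer(blob):
            text = re.sub(rb"\\(.)", rb"\1", m.group(1))  # undo \( \) \\ escapes
            found.add(text.decode("latin-1"))
        for m in URI_HEX.finditer(blob):
            digits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
            digits += "0" * (len(digits) % 2)  # PDF pads an odd final digit with 0
            found.add(bytes.fromhex(digits).decode("latin-1"))
    return sorted(found)

def untrusted_link_hosts(pdf_bytes, trusted_hosts):
    """Hosts the PDF links to that are not on the caller's allow-list."""
    hosts = {urlsplit(u).hostname for u in extract_link_targets(pdf_bytes)}
    return sorted(h for h in hosts if h and h not in trusted_hosts)

# Constructed sample: one plain link annotation and one inside a Flate stream.
_packed = zlib.compress(
    b"<< /Subtype /Link /A << /S /URI /URI (https://docs.example.invalid/sign\\(in\\)) >> >>")
SAMPLE_PDF = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://portal.example.invalid/open-in-excel) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(_packed)).encode()
    + b" >>\nstream\n" + _packed + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for url in extract_link_targets(SAMPLE_PDF):
        print("link target:", url)
    print("not on allow-list:", untrusted_link_hosts(SAMPLE_PDF, {"docs.example.invalid"}))
```

A PDF that looks like an error message or a login prompt and whose only link leads to a host outside the organisation's allow-list matches the pattern described in this article and is worth holding for review.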
