A report issued by Palo Alto Networks describes the most prominent trends and methods attackers used in 2020 to entice users into clicking links and buttons inside PDF files as part of phishing attacks. The researchers observed that the number of malicious PDF files rose by 1160% between 2019 and 2020, from 411,800 to 5,244,056 files.
PDF files are an attractive phishing vector: they work across platforms and let attackers interact with users, which makes their schemes more believable than email-based phishing that relies on plain text with only regular links. The report detected more than 5 million malicious PDF files in 2020.
Here are the top 5 trends and methods used by attackers in 2020 to launch phishing attacks using PDF files:
Fake verification files
Fake verification PDFs, or fake CAPTCHA PDFs, as their name suggests, ask users to verify that they are human by completing a false verification test. CAPTCHAs are challenge-response tests that help determine whether a user is a human or a machine.
The second category we identified was phishing PDFs in the form of fake coupons, often using the logo of a prominent oil company. A large number of these files have been published in Russian with notes such as "50% СКИДКУ" and "ЖМИТЕ НА КАРТИНКУ", which mean "get 50% off" and "click on the picture" respectively.
Still image with a play button
These phishing files do not necessarily carry a specific message, as they often contain only a static image with a play button. Although we noticed several categories of images, a large part of them either were pornographic or covered specific financial topics such as bitcoin, stock charts, and the like, in order to entice users to click the play button.
This category of PDF phishing takes advantage of popular file-sharing services on the Internet to grab users' attention. Often these files inform users that someone has shared a document with them. However, for reasons that may differ from one PDF file to another, the user cannot see the content of the file and apparently needs to click immediately on a button or link included in it.
Using e-commerce themes in phishing emails and documents is not a new trend. However, we have seen a spike in the number of fraudulent PDFs that use popular e-commerce brands to trick users into clicking on the embedded links.