The Latest Phishing Attack: Locked PDFs

The Latest Phishing Attack: Locked PDFs
January 5, 2018 by Nicholas R. Merker, Partner | Martha Kohlstrand, Associate

More and more, businesses are reporting a phishing scam that uses a PDF attachment to try to trick the recipient into disclosing his or her email credentials. The email arrives with a PDF attachment that appears to be locked, and the recipient supposedly must type in his or her email address and password in order to unlock it. The PDF looks like this:

When the password is put in, it is transmitted to the attacker – who now has access to the employee’s login credentials.

This phishing attack appears to be randomly targeted at unsophisticated users. To avoid falling prey to this or any other phishing scam, avoid clicking on suspicious links in emails. Hover over a suspicious link with your mouse to make sure it is going to take you where it says it will – if not, don’t click! Remember that PDFs are not typically locked in the way this document appears to be. Watch for typos in emails, which are a common tip-off to phishing scams. And when in doubt, don’t click, and ask your IT department!

For more information, contact Nick Merker, Martha Kohlstrand or another member of our Data Security and Privacy Group.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.



View Full Site View Mobile Optimized