Hackers are carrying out cyberattacks through email that involve sending malicious emails that include PDF file attachments. Often the emails are drafted to look like a billing notification or invoice sent by a reputable company. The emails frequently include a PDF file attachment named “invoice” or are labeled with a series of numbers that appear to be an invoice number. These emails are designed to create panic with the email recipient then trick them into opening the PDF file. When the victim opens the PDF file attachment, they unknowingly step right into a dangerous trap. These PDF files may launch malicious code that infects the victim’s computer or deceptively guides the victim into downloading malware or visiting a fake website that captures their credentials or payment information.
PDF files seem harmless to most people because they normally contain plain text and images. PDF files are small, portable, and easy to open in a web browser or PDF reader. Unfortunately, most people don’t realize that PDF files can also be turned into powerful hacking tools by cybercriminals. Hackers embed malicious scripts and code that runs on your computer when you open the file. This malicious code can change your computer’s security settings, steal your credentials or encrypt your data for ransom. Malicious code can also allow the hacker to remotely access and control your computer.
PDF files are not the only file type used for cyberattacks. Other types of productivity program files can contain malicious code. Always look at the file extension before opening a file attachment. The file extension are the letters to the right of the last dot in the file name.
Do not open or double-click on a file with a high-risk file extension. Additionally, do not single click on a high-risk file and view it in “Preview” mode. Preview mode may launch malicious code.
Here is a list of file attachment types that you must consider high risk and avoid opening.
- Microsoft Office documents
These files end with the following file extensions: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .accdb
- Archive files
These files end with the following file extensions: .zip, .rar, .7z, .iso
- Webpage or HTML files
These files end with the following file extensions: .html, .htm
- Script files
These files end with the following file extensions: .js, .vbs, .ps1, .bat
- Program Executable files
These files end with the following file extensions: .exe, .com, .bin
File attachments are extremely high risk. Use great caution when dealing with email file attachments of any kind, especially if the email comes from an unknown sender. In fact, the best thing to do is to simply delete unsolicited emails that include attachments. If you believe there is a possibility that you have an outstanding invoice or pending refund from a business, contact the business directly and confirm the email is legitimate. Many businesses post invoices and statements on a website that you can safely log into for accessing and viewing documents.