
Clean PDF attachment with a phishing link

PDF with a fake link to another PDF

When it comes to deception in the world of cybercrime, the simplest methods are often the most effective, and the one described next by Kaspersky is a good example.

It is a fake email supposedly sent by the bank, the typical phishing message that reaches us every day. It includes an attached PDF file that is not infected but contains a link that redirects to a fake website that impersonates the bank's site in order to steal data:

Opening an attached PDF of unknown origin carries some risk, because these documents can be manipulated (see video demonstration) to exploit vulnerabilities in the software used to open them, such as Adobe Reader or Foxit Reader, among others. Keeping these programs up to date greatly reduces that danger.

The weak link ends up being the user, who can be deceived through social engineering. In this case, as shown in the image, the attached PDF includes a button to view the PDF.

It is somewhat contradictory, and for many the deception is more than obvious, but not everyone knows about this and some can easily fall for it. Once the button is clicked, the user is redirected to the site prepared by the attackers.

The technique, as Dmitry Bestuzhev comments, is used to circumvent the security filters that analyze files and links in email. I thought it was worth commenting on so that we are forewarned in case variants appear in our language or use our bank as the lure.
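A filter can close this gap by reading the link targets inside the attachment rather than only the links in the message body. The sketch below is an added example, not code from Kaspersky or from the original post: the function names, the trusted domain `bank.example` and the sample PDF bytes are all constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# /URI value of a link action: literal string (...) or hex string <...>
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def _decode(lit: bytes, hexs: bytes) -> str:
    if hexs.strip():
        digits = b"".join(hexs.split())
        digits += b"0" * (len(digits) % 2)      # PDF pads odd-length hex strings
        raw = bytes.fromhex(digits.decode())
    else:
        # Simplification: only the \( \) \\ escapes matter for URLs
        raw = re.sub(rb"\\(.)", lambda m: m.group(1), lit, flags=re.S)
    return raw.decode("latin-1")

def extract_uris(pdf: bytes) -> list[str]:
    """Every /URI target in the raw file and inside Flate-compressed streams."""
    bodies = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # stream is not Flate data; nothing to inflate
    uris = (_decode(lit, hexs) for body in bodies for lit, hexs in URI_RE.findall(body))
    return [u for u in uris if u]

def suspicious_links(pdf: bytes, trusted: set[str]) -> list[str]:
    """URIs whose host is neither a trusted domain nor a subdomain of one."""
    flagged = []
    for uri in extract_uris(pdf):
        host = (urlsplit(uri).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted):
            flagged.append(uri)
    return flagged

# Constructed sample: a "view PDF" link annotation plus one link in a compressed stream
SAMPLE = (
    b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 50] "
    b"/A << /S /URI /URI (http://bank.example.secure-view.invalid/view\\(1\\).pdf) >> >> endobj\n"
    b"2 0 obj << /Filter /FlateDecode >> stream\n"
    + zlib.compress(b"<< /S /URI /URI (https://www.bank.example/help) >>")
    + b"\nendstream endobj\n%%EOF\n"
)

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE, {"bank.example"}):
        print("untrusted link in attachment:", link)
```

The host comparison matches on whole domain labels, so a lookalike that merely begins with the bank's name is still flagged. Streams encoded with filters other than Flate, and encrypted PDFs, are outside what this sketch reads.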