Skip to main content
 Menu

Guy on a Computer in Confusion

Posted on Wednesday, July 16, 2025 in Privacy & Security

Scam of the Week: When PDFs Become Phish-Delivering Files

In this week's scam, cybercriminals are trying to trick you with PDFs that contain malicious content. You receive an email with a PDF attachment that appears to be from a major organization like Microsoft, DocuSign, or PayPal. The subject of the email seems alarming and makes it appear that you have an issue with your account. If you open the PDF attachment, it contains official logos and professional formatting. It appears legitimate, and the instructions direct you to call a customer service phone number.

But this PDF file is actually a phishing attempt. The phone number is fake, and if you call, a cybercriminal will answer and pretend to be a customer support representative. They will try to trick you into installing malware on your device. They will also try to manipulate you into giving them your user credentials or financial information so that they can solve the “problem” with your account. This type of scam can be very effective because you may be more likely to trust a voice over the phone, especially if they claim that they are trying to help you!

Follow these tips to avoid falling victim to a phishing scam: 

  • Be suspicious of unexpected emails, especially those containing attachments. You should never open an attachment unless you are sure who sent it.

  • Be cautious when contacting an organization using information provided in an email. It's always safer to use the contact information listed on an organization's official website.

  • ​Remember that legitimate organizations rarely send urgent requests through PDF attachments. Cybercriminals will often attempt to create a sense of urgency to trick you into acting impulsively. 

Stop, Look, and Think. Don't be fooled. 

Article provided by:

KnowBe4 Logo

KnowBe4.com 

  1. account security
  2. ai
  3. artificial intelligence
  4. cyberattack
  5. cybercriminal
  6. cybersecurity
  7. data leak
  8. digital
  9. false information
  10. fraud
  11. malware
  12. money
  13. phishing
  14. phone
  15. ransomware
  16. red flags
  17. scam
  18. security
  19. sensitivity
  20. text

  How Can We Help?

Back to Top