This week, the SANS Internet Storm Center discovered a new phishing campaign that uses locked PDF files to steal users’ email credentials. The emails carry the subject line “Assessment Document” and claim to be sent from VetMeds. The message body reads “PDF Secure File UNLOCK to Access File Content,” and the email includes a single PDF attachment labeled as a VetMeds assessment. Of course, it is not an assessment.
Once the user opens this attachment, the PDF indicates that the document is a SWIFT (Society for Worldwide Interbank Financial Telecommunication) banking transaction and requires an email and password to unlock the information.
“It doesn’t matter what email address or password you input into the fake unlocking mechanism,” reported John Bambenek, handler at SANS Internet Storm Center. “The document is automatically opened and anything you input is transmitted to the spammer.”
Locked PDF Phishing Campaign
SANS reports that they do not know precisely how big this campaign is, but they do know whom these hackers are attacking. According to Bambenek, it “is an untargeted phishing campaign. They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF.”
For this reason, it’s important for all business owners and employees to remain alert. Don’t become a victim of these attacks. Sign up for a security checkup before any type of malware reaches you or your employees.