Phishing Campaign Baits Hook With Malicious Amazon PDFs

NEWS BRIEF

Researchers are highlighting the rise of a brand new phishing tactic: a marketing campaign that makes use of PDF paperwork to trick victims by saying expired Amazon Prime memberships.

Customers are focused by e mail and, after clicking on the PDFs, are taken to pages that impersonate Amazon, the place they’re urged to enter their private particulars and bank card info.

The researchers at Palo Alto Networks Unit42 who found the marketing campaign have collected 31 PDF recordsdata with hyperlinks to those phishing websites, none of which had been submitted to VirusTotal.

The chain of occasions within the phishing assault begins with the e-mail containing the PDF attachment. As soon as clicking on the hyperlink from the PDF, the sufferer is redirected from the preliminary URL to subdomains of duckdns[.]org that host the phishing web site.

“These phishing web sites use cloaking to redirect scans and different evaluation makes an attempt to benign domains,” the researchers wrote. These domains for a lot of the preliminary and intermediate staging URLs are hosted on the identical IP handle.

There are 4 preliminary hyperlinks used within the marketing campaign that potential victims needs to be cautious of:

“The preliminary assault vector, the place customers are beguiled into opening an e mail attachment containing a PDF file, is a stark reminder of the significance of remaining vigilant of emails,” Javvad Malik, lead safety consciousness advocate at KnowBe4, wrote in an emailed assertion. “Emails nonetheless stay the most well-liked assault avenue for phishing, so it is vital that individuals have the suitable schooling and instruments at their disposal to have the ability to successfully establish and report any suspicious exercise.”