Skip to main content

Email PDF Attachment Might Be Gmail Phishing Scam

By February 3, 2017March 1st, 2023Cybersecurity

EmailThere’s a new phishing scam making the rounds, made noteworthy by the fact that it is especially convincing. What makes it so convincing is the lengths the hackers go to in order to fool their potential victims into thinking they’re getting a legitimate email.
The attack begins by breaching one person’s email, then scanning the first victim’s email for sent emails containing an attachment.

When one is found, a screen shot is taken and included with the mail that the hackers will send next. The idea is to build trust and convince the next victim that they’re receiving a resend of the file in question from a known source.

The next step, of course, is to gather email addresses and send emails to new recipients. These include the aforementioned screenshot, disguised as a PDF.

The hackers have also found an inventive way of getting around Google’s normally excellent scanning and detection protocols. The URLs they use are virtually identical to official Google URLs. When you click to download what appears to be an innocuous PDF, you are redirected to what appears to be a Google login page.

This, unfortunately, is a trick, and when you log in, you give the hackers your Google password.

Unfortunately, too many people tend to use the same password across multiple websites, so once the hackers have this password, more often than not it means that they’ve got the keys to your digital kingdom.

This is the most effective phishing attack we’ve seen to date. Most phishing attacks have a success rate no higher than 3-4 percent. This one is nearly an order of magnitude more effective, and it’s spreading quickly.

It’s something you need to be sure that your IT staff and all your employees are aware of. Even if at first glance an email in question appears to be from a trusted source, it bears a quick voice or in person contact to be sure that the sender has actually sent you a file. This extra step could save you quite a bit of pain down the line.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.