Phishing With PDFs & Office Files is a Dangerous Foe

June 25, 2021

Clever Lures Disguised as Office Files or PDFs Can Spell Disaster


Phishing can take many forms, and they’re all dangerous. An estimated 75% of organizations around the world experienced some kind of phishing attack in 2020. Those phishing attacks were used to perpetrate a wide variety of cybercrimes that packed a world of trouble for businesses and that trend is expected to continue this year – the damage related to cybercrime is projected to hit $6 trillion annually by the end of 2021, according to Cybersecurity Ventures.  While cybercriminals can use many means to deliver ransomware, snatch credentials and perpetrate any number of other damaging cyberattacks, an estimated 94% of malware is still delivered via email. Recently, a trend has emerged showing that smart cybercriminals have been doing their dirty work by putting a fresh spin on a classic: disguising their poisonous cargo as Office Files or PDFs. 


Add to your security team and your defense without adding to your headcount! LEARN MORE>>


Old Threats Reimagined Are Dangerous


Phishing with attachments is a familiar foe for IT professionals. It’s long been a staple for security awareness training to teach employees to be extremely suspicious about every attachment because it was a likely infection vector for a nasty piece of malware like ransomware. It’s still an accurate assessment – an estimated 48% of malicious email attachments that were sent out in 2020 were Office files. Microsoft Office formats like Word, PowerPoint and Excel are popular file extensions for cybercriminals to use when transmitting malware via email, accounting for 38% of phishing attacks. The next most popular delivery method: archived files such as .zip and .jar, which account for about 37% of malicious transmissions. 

Macro malware is another weapon that cybercriminals make use of when phishing with attachments. These bits of malicious script can be distributed as email attachments or ZIP files and hidden in Microsoft Office files. Cybercriminals use sophisticated social engineering tricks to fool unsuspecting employees into interacting with them, like harmless-looking file names or trusted brand names – sometimes even government agencies or non-profits. They spend a great deal of attention to detail, making sure the file names will entice or intimidate people into opening them. Sometimes, they also use spoofing or business email compromise attacks to distribute messages disguised as invoices, receipts, legal records, and other documents. 


What’s next in phishing? Find out in the 2021 State of Email Security Report! GET IT NOW>>


Smart Cybercriminals Don’t Miss a Chance to Simulate Authenticity


Cyware recently outlined a current phishing scam that follows that pattern. In this scenario, the cybercriminals are attempting to Office365 credentials by creating spear phishing messages that masquerade as an Outlook Security update from the IT Security department, which is likely to bypass conventional security or a SEG layer. How are they doing it? 

  • In the emails, the threat actor has spoofed both the sender and company names. Such use of personalized subject line and sender information increases the probability of the targeted users opening the attached PDF. 
  • The PDF carries links that would direct the victims to a website, which would ask either to download malware onto the victim’s machine or the user to enter credentials.
  • To make the document look more legitimate, the attackers used the logos of Microsoft and the recipient’s company and included details, such as release date. 
  • In addition, it uses a reference of Google Ads service that redirects the users to another domain hxxp://ekavolunteers[.]org, and further to another domain pretending to be Microsoft’s privacy policy page, designed to harvest credentials. 

Still relying on a clunky SEG? Check out this chart to see why Graphus is better! GET THE CHART>>


Keep People From Falling for Tricks by Eliminating People From the Equation


To protect your business against cyberattacks like these, you need email security that’s smart enough to not be fooled by clever cybercriminal tricks. You need Graphus.  Powered by smart AI technology, Graphus catches 40% more phishing messages than the competition automatically, keeping more social engineering attacks away from your employees than conventional email security solutions or clunky old SEGs. Put 3 strong layers of protection between phishing messages and your employees. 

  • TrustGraph is the star of the show, guarding your company’s inboxes against social engineering attacks. Using more than 50 separate data points, TrustGraph analyzes incoming messages to detect trouble before speeding them to their recipients – and it never stops learning, constantly gathering fresh threat intelligence from every analysis it completes. 
  • EmployeeShield slips into place when a new line of communication comes into your business, adding a bright, noticeable box that warns employees to use caution when handling the message. This empowers every staffer to join your security team by marking a new message safe or quarantining it with one click for administrator inspection.
  • Phish911 completes your triple-layered protection by making it easy and painless for employees to report any suspicious message that they receive to an administrator for help. When an employee reports a suspicious message. it is immediately removed from everyone’s inbox to prevent further trouble.   

An estimated 60% of companies that experience a cyberattack go out of business. That’s a club no one wants to join. Keep your business safe from sophisticated threats with sophisticated protection from Graphus.  Schedule a demo => 


Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus