If you’re doing business, then you’re sending, receiving and reading PDFs.
PDFs have become ubiquitous in business as a way of sending documents over the web. And why not? There are a lot of advantages to using PDFs. For starters, it’s ubiquitous—everyone has a PDF reader. The files can include embedded links and images. The files tend to be small compared to other formats. They can be password protected. They can work on any operating system. And they’re not likely to go away any time soon.
That’s the good news. The bad news is that hackers know all that, and so PDFs have become the vehicle of choice for malware and fraud. According to SonicWall Capture Labs, “there has been a substantial increase in fraudulent PDF files. [The] fraud campaign takes advantage of recipients’ trust in PDF files as a ‘safe’ file format.”
The problem’s getting worse. According to SonicWall, their “multi-engine sandbox service discovered threats in over 47,000 PDFs files in 2018. In just March of 2019, [SonicWall] identified over 83,000 malicious events, of which over 67,000 were PDFs linked to scammers.”
What makes these PDF-based scams so hard to defend is that in most cases, the PDF itself is harmless. It does not contain an executable file or active malware within the document. So, antivirus software meant to screen attached documents will see the PDF as safe. But it’s not.
The scam is that these “perfectly safe” PDFs have malicious links in them. Unfortunately, by the time the reader comes across these links, they’ve already convinced themselves that the PDF is safe. And that’s a problem, because according to the article on HelpNetSecurity website, “Most traditional security controls cannot identify and mitigate links to scams or malware hidden in PDF files, greatly increasing the success of the payload.”
In some ways PDFs are the perfect attack vehicle. Not only do they get the recipient to let their guard down, but they bypass almost all email security defenses. Almost all.
There is one email security defense that protects users from PDF attacks and that’s real-time link scanning protection. Unlike antivirus, which looks for malware in the PDF, real-time link scanning looks at the links in the PDF. It follows those links in the PDF to see if they lead to malicious websites, and it does all that BEFORE the user ever gets a chance to see the PDF.
If you want to protect your employees from malware, by all means get yourself up-to-date antivirus software. But if you also want to protect your employees from phishing attacks, especially the hard-to-find attacks buried deep inside a PDF, you also need to add real-time link scanning protection. You need Phish Protection.