Skip to main content

Phishing attacks are becoming even more dangerous

(Image credit: Image source: Shutterstock/wk1003mike)

Not only has the scale of phishing attacks increased over the past year, but they have also become more dangerous as cybercriminals perfect their tactics. These are the findings of a new report from Unit42, the cybersecurity branch of Palo Alto Networks. 

Analyzing data pulled from its WildFire platform over the course of 2020, Unit 42 uncovered that fraudsters are abandoning simple phishing emails in favor of a more complex PDF-based approach. 

Compared to the year before, the number of fraudulent .PDF files making the rounds grew by 1,160 percent, from 411,800 all the way up to 5,224,056. 

In many cases, .PDF files are used to redirect traffic. The links contained in the files don't take the victim straight to a malicious website, but first to one or multiple gating websites. This way, says the report, the attackers can extend the shelf life of the phishing .PDF lure and avoid being detected by antivirus (opens in new tab) solutions.

This approach also allows the attackers to change the final objective of the lure without needing to tweak the .PDF.

The most popular phishing tactic, used in almost four out of ten attempts, is the fake CAPTCHA, in which users are asked to verify themselves through a fake CAPTCHA script. Instead of an actual script, the .PDF contains a clickable image, sending the victim to a malicous domain.

Other popular methods include fake coupons, fake play buttons, file sharing and e-commerce methods.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.