Not only has the scale of phishing attacks increased over the past year, but they have also become more dangerous as cybercriminals perfect their tactics. These are the findings of a new report from Unit42, the cybersecurity branch of Palo Alto Networks.
Analyzing data pulled from its WildFire platform over the course of 2020, Unit 42 uncovered that fraudsters are abandoning simple phishing emails in favor of a more complex PDF-based approach.
Compared to the year before, the number of fraudulent .PDF files making the rounds grew by 1,160 percent, from 411,800 all the way up to 5,224,056.
In many cases, .PDF files are used to redirect traffic. The links contained in the files don’t take the victim straight to a malicious website, but first to one or multiple gating websites. This way, says the report, the attackers can extend the shelf life of the phishing .PDF lure and avoid being detected by antivirus solutions.
This approach also allows the attackers to change the final objective of the lure without needing to tweak the .PDF.
The most popular phishing tactic, used in almost four out of ten attempts, is the fake CAPTCHA, in which users are asked to verify themselves through a fake CAPTCHA script. Instead of an actual script, the .PDF contains a clickable image, sending the victim to a malicous domain.
Other popular methods include fake coupons, fake play buttons, file sharing and e-commerce methods.