Hackers are currently targeting businesses of all sizes in the latest round of phishing campaigns.
The social engineering attack works like this: emails are sent to employees with PDF attachments that claim to contain “secure or protected documentations”. Unlike many cases in the past, these PDFs do not have malware embedded in them. Instead, they are used only to get the victim to click on a link and fill out a form with their email address and password.
[Image: PDF document asking the victim to view the “secure files” by clicking the link]
Once the victim clicks on the link, they are redirected to a site where they can authenticate themselves to view the content. Of course, there really is no secure content, and the victim is simply giving the hacker their credentials.
The hackers are also taking over WordPress sites and using them to host the phishing page linked in the PDF. These types of sites are often targeted because of vulnerabilities in third-party plugins.
[Image: A hacked WordPress site, purporting to be Office365]
If you or your employees receive an email that asks the recipient to view a secure or protected document by clicking a link, please delete the email. Also, if your company is running a WordPress site, or another Content Management System (CMS) site, ensure you keep the platform and the third-party plugins updated regularly.
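For mail administrators, here is an added example (not part of the original advisory) of a Python triage check for the attachment pattern described above: a PDF with no active or embedded content, only a link plus "secure" or "protected" wording. The function names, verdict labels and sample URL are assumptions made for this example, and the check is a heuristic that only sees uncompressed objects and Flate-compressed streams.

```python
import re
import zlib

# Standard PDF names that signal active or embedded content.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile", b"/OpenAction", b"/AA")
# Lure wording quoted in the campaign description above.
LURE_WORDS = (b"secure", b"protected")
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def expand_streams(data: bytes) -> bytes:
    """Return the raw bytes plus any Flate-compressed streams, inflated."""
    parts = [data]
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates a stream whose last byte was trimmed
            parts.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            pass  # not Flate data (image, other filter): skip it
    return b"\n".join(parts)


def triage_pdf(data: bytes) -> dict:
    """Flag PDFs that carry no active content, only a link plus lure text."""
    body = expand_streams(data)
    uris = [m.group(1).decode("latin-1") for m in URI_RE.finditer(body)]
    active = [k.decode() for k in ACTIVE_KEYS
              if re.search(re.escape(k) + rb"(?![A-Za-z])", body)]
    lures = [w.decode() for w in LURE_WORDS if w in body.lower()]
    verdict = ("active-content" if active else
               "link-only-lure" if uris and lures else "no-finding")
    return {"uris": uris, "active": active, "lures": lures, "verdict": verdict}


# Constructed sample: fragments of a PDF with one link annotation and
# compressed page text. The URL is a placeholder, not a real indicator.
_TEXT = zlib.compress(b"BT (Click the link to view the secure files) Tj ET")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://blog.example/wp-content/view/login.html) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(_TEXT)).encode() + b" >>\n"
    b"stream\n" + _TEXT + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_PDF))
```

A "link-only-lure" verdict is a reason to quarantine the message and review the extracted URL, not proof of phishing; plenty of legitimate PDFs contain links.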