When we discuss phishing emails, we usually focus on a deceived user clicking a malicious link, which lets hackers take over the device, spread malware, and steal sensitive information. However, while sending malicious links is one of the main tactics hackers use to get your information, there is another way to trick you into clicking on something malicious: PDF files sent to your email. Adobe.com states, “Viruses, Trojans, and malware have many ways of hiding inside a PDF and often show up in email downloads or attachments like eBooks and other documents.” Because PDFs are one of the most commonly used file types, many people assume that, one, PDFs cannot spread viruses, and two, PDFs are legitimate and safe to open. As a result, I'd like to provide you with four tips on how to avoid this scam and secure the information on your devices.
1. Use a trusted PDF reader
Using reputable software and keeping it updated is one of the best protections against PDF infections. While there are many PDF viewers, not all of them are regularly updated to block malicious actors and protect users. PDF software such as Adobe Acrobat Reader receives regular security updates that help to detect malware.
2. Cybersecurity Awareness and Training
One technique that we talked about in our recent blog, "How to Avoid Phishing: Infima’s Training and Tips on Phishing Emails", is for businesses and individual users to implement cybersecurity awareness and training so that users are able to spot phishing attacks. For example, Infima, a cybersecurity tool, allows users to be enrolled automatically in online courses through its training tool, where they can watch videos and complete quizzes to learn more about security techniques as part of the training every three months. These tests give users the chance to learn how to recognize phishing emails, what to look out for, and what to do if they come across one while using their devices.
3. Look for email sender suspicions
To evaluate an email, watch out for spelling, grammar, and tone. If the grammar is bad or the email urgently pushes you to click on something, avoid it. It is easy to fake the sender's email address, so instead of checking the address in the ‘From’ field, look to see whether links inside the email use a domain that correlates to the sender’s organization. A domain name is a word with a 2-3 letter extension after it, for example Verizon.com, Facebook.com, or About.us. Please be particularly careful when you get an email asking you to enter or reset credentials.
4. Disabling JavaScript execution
You can protect yourself when opening potentially harmful PDF files by disabling the execution of JavaScript in Adobe Reader. This will also prevent the unnecessary loading of external resources.
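As a companion to tip 4, the following added example (not part of the original post, and not Adobe's or Infima's code) shows how an IT team could triage a PDF attachment before anyone opens it, by counting the PDF keys that indicate JavaScript, auto-run actions, or external links. It assumes only Flate-compressed, unencrypted streams are inflated; the function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# PDF name keys that make a document "active" and worth inspecting before opening.
RISKY = {
    "/JavaScript": "embedded JavaScript",
    "/JS": "embedded JavaScript",
    "/OpenAction": "action that runs when the file is opened",
    "/AA": "additional automatic actions",
    "/Launch": "launches an external program or file",
    "/EmbeddedFile": "file embedded in the PDF",
    "/URI": "link to an external resource",
}
NAME = re.compile(rb"/[^\s/\[\]<>(){}%]+")           # one PDF name token
HEX = re.compile(rb"#([0-9A-Fa-f]{2})")               # #xx escape inside a name
STREAM = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)

def normalise(name: bytes) -> str:
    """Undo #xx escapes, so an obfuscated /J#53 is read as /JS."""
    return HEX.sub(lambda m: bytes([int(m.group(1), 16)]), name).decode("latin-1")

def inflate_streams(data: bytes) -> bytes:
    """Best-effort zlib inflate, so keys hidden in compressed streams are seen."""
    out = []
    for m in STREAM.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed, or uses a filter this sketch ignores
    return b"\n".join(out)

def triage(data: bytes) -> dict:
    """Return {risky key: occurrences} for the raw file plus inflated streams."""
    counts = {}
    for raw in NAME.findall(data + b"\n" + inflate_streams(data)):
        key = normalise(raw)
        if key in RISKY:
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample bytes (not a real attachment): an open action, a JavaScript
# action with an escaped /JS key, and a link action inside a compressed stream.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /JavaScript /J#53 (constructed placeholder) >>\nendobj\n"
    b"5 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /URI /URI (https://example.test/) >>")
    + b"\nendstream\nendobj\n"
)
```

A non-empty result from `triage(open(path, "rb").read())` means the file deserves a closer look in an isolated viewer; an empty result does not prove the file is safe.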
Overall, this is a reminder to be vigilant about the legitimacy of emails you receive. Even if you are one of our fully managed IT clients, and we have security measures in place for your organization, some phishing emails still do get through.
The Infiniwiz technical team in the Chicagoland area takes a proactive approach to your cybersecurity. We set up the right IT protocols and help you put in place the employee procedures that will keep your data and network safe from online hackers. However, make sure to do your part in staying alert. If you have any questions, feel free to contact us!