Penetration testing, also referred to as pen testing, is a simulation of a cyber attack that organizations conduct to identify security vulnerabilities within their systems. By
If you think you’ve accidentally opened a phishing PDF, it’s important to immediately disconnect your device from the internet, back up your files, run a virus scan on your device and change your passwords. Typically, you can spot a phishing attempt if an email contains urgent and threatening language, too-good-to-be-true offers, spelling and grammatical errors or requests for private information. Another sign that you’ve received a phishing email is if it includes an unexpected attachment, like a PDF file. Based on research conducted by Palo Alto Networks’ Unit 42, the use of malicious PDF files in phishing attacks increased by 1,160% between 2019 and 2020.
Keep reading to learn what a phishing PDF is, what happens if you’ve already opened it and steps you should take to protect your privacy.
What is a phishing PDF?
A phishing PDF is a malicious file created by a cybercriminal seeking to deceive you into sharing sensitive information or installing malware without your knowledge. Often, phishing PDFs are attachments in unsolicited emails from cybercriminals impersonating someone you know or a company with which you have an account. Hoping to gain your trust by appearing familiar, cybercriminals attach PDFs to these emails, expecting you to fill them out with private information or at least click on them to launch the installation of dangerous software called malware.
What happens if you open a phishing PDF?
Several things could happen upon opening a phishing PDF. Cybercriminals typically send PDFs in phishing emails with the goal of getting you to simply open the file, which could cause malware to begin infecting your device. Malware is malicious software that infects your device to spy on your online activity, steal your device’s data or install other types of malicious software on devices sharing the same network.
However, simply opening a phishing PDF does not guarantee that malware will be installed on your device. Some cybercriminals’ emails may appear so similar to a legitimate company’s email that their PDF may trick you into entering personal information, including your home address or credit card number. If you return a completed PDF to the cybercriminal, they could use your information to commit fraud or identity theft. Although your device may be safe from malware in this situation, your privacy and identity are still at risk.
5 steps to take if you open a phishing PDF
If you’ve opened a phishing PDF, there are several steps you should take to ensure your data and identity are protected.
1. Disconnect your device from the internet
The first thing you should do after opening a potentially malicious PDF is disconnect from the internet. The device on which you viewed the phishing PDF should be disconnected from WiFi because this will significantly reduce the chances of malware spreading to other devices connected to your network. Disconnecting from the internet will also protect your personal information because some malware requires an internet connection to send your data to cybercriminals or give them remote access to your device.
2. Back up your data
You should make sure your sensitive data is backed up regularly – not only in case your device becomes lost or stolen but also in the event of a phishing attack. If you open a PDF that contains malware, a cybercriminal could access your device and potentially erase everything. By keeping a secure backup of your data, you can always restore your device to a state before a malware infection, just to be safe. A few ways you can securely back up your data include using external hard drives, relying on your computer’s built-in backup software (such as Time Machine for Apple users) or enabling cloud storage (including iCloud, Google Drive and Dropbox).
3. Scan your device using antivirus software
Antivirus software can be installed on your computer to detect, stop and eliminate known viruses and malware before they can infect your devices. Once you have antivirus software, it will constantly scan your device for viruses and malware found in its large database. If it finds a match between a virus found on your device and its database, the antivirus software will isolate the virus and delete it before it infects your device. In some severe cases, you may need to take your device to IT professionals to remove the malware if it continues to persist as a result of opening a phishing PDF.
4. Update your passwords and enable MFA
As an extra security precaution, you should update your login credentials for online accounts that you believe may have been compromised by interacting with a phishing PDF. Start by changing your passwords to stronger ones for your most sensitive accounts, such as your debit or credit card accounts, to ensure your finances are secure. An easy way to quickly change all your passwords is by using a password manager like Keeper®. Once you have all your login credentials in a secure location, you can use Keeper Password Manager’s built-in password generator to create updated and strong passwords for your accounts.
In addition to updating your passwords, you should also enable Multi-Factor Authentication (MFA), which gives your accounts an extra layer of security by requiring another proof of identity to gain access. Some types of MFA include a code from an authenticator app, a PIN, an answer to a security question or biometrics. Another way to add security to your account is by logging in using a passkey, which is a passwordless authentication method that lets you log in to multiple accounts using the same key. Unlike passwords or even some kinds of MFA, passkeys cannot be compromised in phishing attacks, which makes them very secure in protecting your accounts.
5. Place a fraud alert on your credit report
A fraud alert should be placed on your credit report if you believe you’re going to be or already are a fraud victim, or if you suspect your identity has been stolen. If you opened a phishing PDF and sent a cybercriminal sensitive information related to your identity, you should place a fraud alert on your credit report, which will ensure your identity is verified before any loans can be taken out or lines of credit opened in your name. To make an initial fraud alert, contact one of the three credit bureaus: Experian, TransUnion or Equifax.
Stay protected against malicious PDF files and attachments
Don’t jeopardize your privacy and security by opening any malicious attachments, even if they are in potentially harmless emails. You can avoid falling victim to suspicious PDFs and other email attachments by:
- Not opening unsolicited attachments in emails or text messages
- Relying on antivirus software to scan email attachments before opening them
- Paying attention to warnings provided by your email service provider
- Using a secure PDF reader
- Reporting suspicious emails as spam
If you’ve already opened a phishing PDF, you should disconnect your device from the internet, back up your data, scan your device with antivirus software and update your passwords.
Start your free 30-day trial of Keeper Password Manager to change your passwords to strong and unique ones, as well as store your MFA and passkeys.