PDFs are not always what they seem. They are good vectors to launch attacks, because PDFs are usually important, meaning end-users are likely to click. One estimate found that PDF-based attacks increased by over 1,000% in the last year.

This is another PDF-based attack. The attachment goes to a landing page that asks for credentials. This attack bypassed Mimecast, but was stopped by Avanan.

Here's what the attack looks like:

 

If you were to click on the attachment, here's the link you get:

 

As seen in our analysis of the email, there's a number of red flags that caused Avanan to block it:

 

Subscribe to Our Attack Briefs for More Research