By Michael Hall, Chief Information Security Officer
We like to keep you informed any time we come across a new scam or hack that may result in data loss or data theft. We’ve recently seen a new type of phishing email that is quickly becoming very common.
This spoof email looks to be a locked PDF from the very reputable company, DocuSign. It appears that the receiver of this email is required to click a button to unlock an important file.
In actuality, the file is an unlocked PDF with a button that links to a malware site.
Gmail’s built-in file viewer does a good job with these types of files because it doesn’t require you to even download the file to see what’s inside. The usual trick of mousing over the button without actually clicking it reveals the shady URL. See the screenshot below.
Short URLs are frequently used by many legitimate businesses, but they’re also the most common way to obfuscate a malicious domain/URL. We recommend that before clicking on any shortened URL, you use a URL expander, such as CheckShortURL. These services will often provide a preview of the web page for the expanded URL in addition to disclosing the full URL address for the link.
Stay vigilant! Don’t download or click any unexpected links or files!