Modus Operandi
- Initial Contact: The victim receives a fake email that appears to come from a trusted source (e.g., bank, government) but does not, with an urgent message and an attached PDF or a link to a PDF.
- Malicious PDF: The attached or linked PDF is malicious and may include:
  - Embedded malware (e.g., ransomware, spyware).
  - A phishing form asking for personal details or login credentials.
- Exploitation: Upon opening the PDF, malware installs on the victim's device or the victim is tricked into entering sensitive information.
- Further Deception: The scammer may follow up with more demands (e.g., ransom or more personal info) or use the stolen data for fraudulent activities.
- Spread & Cover-Up: The scammer may send similar phishing emails to the victim's contacts and delete traces of the attack to cover their tracks.
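
A mail gateway or analyst can triage a PDF attachment for the features the steps above rely on (auto-run actions, embedded files, forms, links) before anyone opens it. The sketch below is an added example, not part of the original page; the names `triage_pdf`, `verdict` and the sample bytes are assumptions made for illustration. It scans raw bytes only, so tokens inside compressed object streams are not seen, and a hit marks the file for closer inspection rather than proving it malicious.

```python
import re

# PDF name tokens mapped to the behaviour they enable.
RISKY_NAMES = {
    "/OpenAction": "action runs when the document opens",
    "/AA": "action runs on page or field events",
    "/JavaScript": "embedded JavaScript",
    "/JS": "embedded JavaScript",
    "/Launch": "starts an external program or file",
    "/EmbeddedFile": "carries an attached file",
    "/AcroForm": "form fields (possible credential form)",
    "/SubmitForm": "sends form data to a remote URL",
    "/URI": "link to an external site",
}
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in the raw bytes of a PDF attachment."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no PDF header found")
    # Names may hide letters as #XX escapes (/J#61vaScript), so decode first.
    raw = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    hits = {}
    for name in RISKY_NAMES:
        # Negative lookahead keeps /JS from matching a longer name like /JSFoo.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        count = len(re.findall(pattern, raw))
        if count:
            hits[name] = count
    return hits

def verdict(hits: dict) -> str:
    """Quarantine when auto-run triggers meet active content, else review or pass."""
    auto = hits.keys() & {"/OpenAction", "/AA"}
    active = hits.keys() & {"/JavaScript", "/JS", "/Launch", "/EmbeddedFile"}
    if auto and active:
        return "quarantine"
    return "review" if hits else "pass"

# Constructed sample: auto-run action, obfuscated /JavaScript name, and a form.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R /AcroForm 3 0 R >>\n"
          b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    found = triage_pdf(SAMPLE)
    for name, count in found.items():
        print(f"{name:14} x{count}  {RISKY_NAMES[name]}")
    print("verdict:", verdict(found))
```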