Cybercriminals have found a new way to get malware onto your phones, via ordinary SMS messages. The message might look something like this: “Hello, your package is awaiting delivery. Please open the attached document for more information."
Seemingly harmless news. You might be thinking: ""Oh, I'm waiting for the shipment, so I'll take a look." But that's the catch. By clicking on the file, you can download a virus that will steal your passwords, bank logins, or start spying on your phone.
How does a fraudulent PDF work?
These scammers are clever. At first glance, a PDF file looks completely normal. It may contain text, a logo of a well-known company, and a seemingly harmless link that redirects you to a fake online banking page, for example. Once you enter your details there, you have fallen into a hacker's trap.
Gallery
In some cases, you don't even need to fill in anything, the file may contain malicious code that will run automatically when opened. And if you have a security hole on your phone, malware can get deep into the system.
Recent cases
- USA: Hackers sent out fraudulent messages pretending to be from the United States Postal Service (USPS). People were lured to fake links and lost thousands of dollars.
- Europe: In Germany and the UK, there have been waves of fraudulent messages masquerading as bank notifications with a PDF attachment. People who opened the file found that their bank accounts had been nearly emptied.
- Czechia: No massive attack has been confirmed yet, but similar tricks have appeared in the past. And it's only a matter of time before they reach us on a large scale.
How to defend yourself? Basic rules that will save you nerves (and money)
- Never open PDF files from unknown SMS: Think about it, would a bank, carrier, or office really send you important documents via SMS? Probably not.
- Not sure? Verify the sender: If the message looks suspicious, call the official number of the company that supposedly sent you the message. Do not reply to the text message or click on any links.
- Keep your phone updated: Older versions of operating systems have security vulnerabilities that attackers exploit. Updates are your best defense.
- Use antivirus: Good security software can detect and block malicious files, even on phones.
Today it’s “just” malicious PDF files, but tomorrow it could be even worse. Attackers are constantly learning new tricks and counting on people being busy and inattentive. Key advice? Be careful before you click on anything. You don’t want someone stealing your data or draining your account just because of one ill-considered SMS message.
I'm also getting lost by email... Not just by text message...