1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Scammers are once again abusing PDFs to trick victims into callin

    From TechnologyDaily@1337:1/100 to All on Thursday, July 03, 2025 15:45:09
    Scammers are once again abusing PDFs to trick victims into calling fake support numbers

    Date:
    Thu, 03 Jul 2025 14:34:00 +0000

    Description:
    No, you're not talking to a Microsoft representative - it's a scammer who wants your passwords.

    FULL STORY ======================================================================Cisco Talos warns of callback phishing scams on the rise Phishing emails come with PDF attachments, in which are phone numbers Threat actors are exploiting people's trust in phone calls

    Security researchers from Cisco Talos have warned of an ongoing phishing campaign in which victims are tricked into calling the attackers on the
    phone.

    In a new report, the researchers said that between early May and early June 2025, they observed threat actors spoofing major tech companies, such as Microsoft, Adobe, or Docusign.

    Cisco Talos calls this type of scam callback phishing - in the phishing emails, they would notify the victims of a problem, or an incoming/pending transaction, then share a phone number they control, and invite the victim to dial in and address these issues. During the call, the attackers would masquerade as a legitimate customer representative and explain to the victim that in order to sort out their problem, they need to either disclose sensitive information, or install a piece of malware on their device.

    Get 55% off Incogni's Data Removal service with code TECHRADAR

    Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
    and protect your privacy from unwanted spam and scam calls. View Deal
    Callback phishing

    Attackers use direct voice communication to exploit the victim's trust in phone calls and the perception that phone communication is a secure way to interact with an organization, the researchers explained.

    Additionally, the live interaction during a phone call enables attackers to manipulate the victim's emotions and responses by employing social
    engineering tactics. Callback phishing is, therefore, a social engineering technique rather than a traditional email threat.

    Most phone numbers used in these campaigns are VoIP ones, Cisco Talos further explained, stating that these are more difficult to trace.

    The key information, including the attacker-controlled phone number, is
    shared via a .PDF file sent as an attachment. This is usually done to bypass traditional email security mechanisms and ensure the email lands in the
    inbox.

    As an added layer of obfuscation, the attackers would sometimes add a QR code into the body of the PDF file, since most AV and email protection tools
    cannot scan that deep. Furthermore, QR codes are usually scanned via smartphone cameras, and mobile devices rarely have the same level of security as laptops or desktop computers do.

    Via The Hacker News You might also like America is the top source of spam, and its getting worse thanks to growing data center infrastructure Take a
    look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/scammers-are-once-again-abusing-pdfs-to -trick-victims-into-calling-fake-support-numbers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)