You’ve Got a Quote! But It’s Bad Business If You Click on This One

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

By now, we’ve heard a lot of warnings about not opening attachments. If you do, the attachment will download malware onto your computer. eWeek reports on two PDF phishing scams emerging nationwide that are slightly different. Unlike PDF scams in the past, the PDF file does not have malicious code embedded in it. In version one of this scam, consumers receive an email with a quote for a product or service. The email further instructs to “Just click on the attachment Quote.pdf to view the quote”.

Don’t do it! If you click on the link in the attachment, it will direct you to provide personal information that can be used for identity theft.

In the second version of this scam, the attachment in the email directs you to view a document in Dropbox, a frequent target of scammers. When you click on the attachment ScannedbyXerox.pdf, you are notified that you are trying to open a secure document in Dropbox and are directed to click on the embedded link to a bogus Dropbox Login page.

How Do You Protect Yourself?

  • If you receive an email with an attachment of any type, be skeptical.
  • Best practice: Don’t download or try to open any files that you did not directly request from a trusted source.
  • Specifically, if you didn’t request a quote for a product or service or you don’t use Dropbox for file sharing; don’t click on any attachments or links.
  • Make sure your firewall is turned on along with anti-virus and anti-malware protection – and that they are up to date. Anti-exploit software may also provide additional protection.
  • If your computer of smartphone is ever compromised by malware or ransomware, take it directly to a computer professional. Don’t try to fix the device yourself.

For more information, check out Microsoft Warns of Emails Bearing Crafty PDF Phishing Scams. To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to bbb.org.