Online scams have become a soaring issue in today’s fast-paced world, with criminals constantly evolving their tactics to steal people’s hard-earned money and personal information. Now, there is a surge in cyberattacks using PDF files as carriers of malicious content.
Raising awareness of this trend, Check Point Research, a leading provider of cybersecurity solutions, said that PDF files are one of the most dangerous tools in a hacker’s arsenal today. According to reports, 68 percent of all cyberattacks originate via email and an alarming 22 percent of these involve weaponised PDF attachments.
“PDFs are deceptively simple for users, but incredibly complex for security tools to analyse thoroughly,” the report states.
With over 400 billion PDFs opened last year and 87 percent of worldwide organisations using them as a standard format, their widespread use has made them a popular attack vector. Fraudsters are becoming more adept, exploiting the complicated PDF structure and users’ trust in the format to avoid traditional detection systems.
The PDF specification, ISO 32000, spans nearly 1,000 pages, providing a plethora of features that can be exploited for evasion. This complexity opens the door to numerous attack vectors that some security systems are ill-equipped to detect. Rather than using complex exploits, many scammers now rely on a simpler, yet effective, approach—social engineering.
Cyber criminals frequently turn to PDFs for phishing since the format is widely regarded as safe and reliable. Link-based campaigns are one of the most commonly used PDF attack techniques, according to Check Point Research. Often, the link is accompanied by an image or a piece of text intended to entice the victim to click it. These images often mimic trusted brands like Amazon, DocuSign, or Acrobat Reader, making the file appear benign at first glance.
Beyond URL evasion techniques, attackers are now deploying tactics specifically designed to bypass antivirus and email security tools. These include static analysis evasion, obfuscation and encryption, and machine learning workarounds.
How to Stay Safe from PDF-Based Attacks
Always verify the sender: Even if the PDF looks legitimate, double-check the email address of the sender. Cyber criminals often spoof colleagues or well-known brands to trick you into trusting the file.
Be cautious with attachments: Avoid clicking a link, scanning a QR code, or calling a number from PDFs. When in doubt, don’t click the link or document. Before clicking any embedded link in a PDF, hover over it to see the full URL. Be cautious of shortened links or those using redirect services like LinkedIn, Bing, or Google AMP.
Use a secure PDF viewer: Keep PDF readers updated and avoid opening the files in obscure or outdated software. Modern browsers and PDF readers often have built-in security features to keep your information safe.
Disable JavaScript in PDF viewers: If your PDF reader supports JavaScript, disable it unless necessary. This lowers the risk of script-based exploits.
Keep systems and security tools updated: Ensure your browser, operating system, and antivirus software are regularly updated. Patches frequently address vulnerabilities used in malicious PDFs.
Trust your instincts: If a PDF seems suspicious, has unusual formatting and typos, or asks for credentials, it is probably a trap.
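For mail or help-desk teams who want to apply the "hover over it to see the full URL" and JavaScript advice above at scale, the following is an added example (not from Check Point's report) that pulls link targets out of a PDF's raw bytes and labels shorteners and redirect-service hops. The host and path lists are illustrative assumptions, and the regex only sees uncompressed `/URI` literal strings, so links inside compressed object streams need a real PDF parser.

```python
import re
from urllib.parse import urlsplit

# Assumed, illustrative lists (not from the article); extend from your own telemetry.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "lnkd.in"}
REDIRECTORS = {  # host -> path prefix that marks a redirect hop
    "www.google.com": "/amp/",
    "www.bing.com": "/ck/",
    "www.linkedin.com": "/redir/",
}
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def extract_uris(pdf_bytes):
    """Return targets of uncompressed /URI actions written as literal strings."""
    uris = []
    for match in URI_RE.finditer(pdf_bytes):
        raw = re.sub(rb"\\([()\\])", rb"\1", match.group(1))  # undo \( \) \\
        uris.append(raw.decode("latin-1"))
    return uris

def classify(url):
    """Label a link by where a click would really send the reader."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return "other-scheme"  # e.g. tel: or mailto:
    if host in SHORTENERS:
        return "shortener"
    prefix = REDIRECTORS.get(host)
    if prefix and parts.path.startswith(prefix):
        return "redirect-service"
    return "direct"

def triage(pdf_bytes):
    """Return ({url: label}, has_javascript) for one PDF's raw bytes."""
    links = {u: classify(u) for u in extract_uris(pdf_bytes)}
    has_js = re.search(rb"/(?:JS|JavaScript)\b", pdf_bytes) is not None
    return links, has_js

SAMPLE = (  # constructed fragment for the demo, not a real sample
    b"1 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://www.bing.com/ck/a?u=example) >> >> endobj\n"
    b"2 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://bit.ly/constructed) >> >> endobj\n"
    b"3 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://intranet.example/report\\(1\\).html) >> >> endobj\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "shortener" or "redirect-service" label means the final destination is hidden and should be resolved in a sandbox before the message is released; "direct" only means the visible host is the real first hop, not that it is safe.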