The purpose of any phishing scam is to cause you not to do anything. This is the case with a phishing campaign that uses pdf attachments that prompt logins to appear valid for many.
If you regularly read Cyber guards, you understand that our readers may meet interesting phishing scams. It’s to make them aware so that they don’t fall into scams from the remainder.
This is the situation with the recent phishing campaign discovered and communicated with us by Reversing Labs before publishing.
Tax records are often self-protected with login notifications
You are likely to be aware of password-protected PDF documents used to safeguard sensitive tax data when you send tax files regularly by e-mail to your company.
In this scam against the German victims, the scammers are pretending to send you an Amazon tax invoice and say that you must log into your Amazon Seller’s account to view the tax invoice.
“The document requests the reader to log in and they can see the tax records they send. As explained in the email, this screen is expected, and typing the credentials into it shows the summary data. As unusual as it might be, a unconsidered reader may brush it off as a safeguard to keep your private information secure”.
Once the credentials have been entered, attackers have complete access and can use your Amazon account as if they were the new proprietor.
Protect yourself against this kind of scam.
We usually inform you to check any landing pages ‘ URL for phishing scams to ensure they look valid. We also recommend that you log on to locations in your official domains only, not via an attachment.
In this case, a login prompt will be generated to open a protected PDF document, no URLs will be displayed, and this would occur.
This is why you always have to check the sender’s landing page URLs to ensure that they fit with a legitimate domain and the email you received.
You have to be even more vigilant when it comes to tax papers and reach the sender to verify that they have sent you sensible data via email.