silversurfer

Level 54
Verified
Trusted
Content Creator
Malware Hunter
The goal of any phishing scam is to make you do something you shouldn't do. Such is the case with a phishing campaign that utilizes PDF attachments that display login prompts that to many would look legitimate.

If you are a regular reader of BleepingComputer, you know that we like to highlight interesting phishing scams that our readers may encounter. This is to make them aware of them so they don't fall for scams that stand out from the rest.

Such is the case with the latest phishing campaign found by detection company ReversingLabs and shared with BleepingComputer prior to publication.

What makes this scam stand out is that instead of using fake landing pages, it instead uses fake JavaScript login forms generated directly by the the PDF attachment.

"One such vector that might be overlooked is credential theft via JavaScript-enabled documents," stated the researchers in their report. "This attack technique doesn’t rely on malicious links or domain spoofing, but on document scripts that yield the same effect"
Read more below: