.png){kind=small}
DIGITAL AWARENESS CAMPAIGN
PDF files...
What Could Go Wrong?
PDF files is a convenient file format to share document and is used for personal as well as official communication channels.
It is trusted by many, and not much people would suspect it being something else other than just a PDF file, but some PDFs can have virus or another hidden malware.
How are PDFs Infected?
PDF is a powerful document which contains static elements (images and text), dynamic elements (forms) and embedded signatures. These elements are necessary to make document visually appealing and consistent, there is a darker side to it.
Above mentioned capabilities have been misused to inject malicious scripts. Javascripts are mostly used for infesting malware on victim’s computer. PDF files include the ability to execute code on your device
—and that’s where the real danger lies.
​
Javascript – Javascripts are used in the website coding to control browser appearance and functionality. In past, it has been used to exploit multiple vulnerabilities in Adobe as well as many other PDF readers.
​
System Commands – Launch action in PDF can open Command window and execute commands to initiate malware. Most of the commands have now been disabled by Adobe but they might be open in other readers or earlier versions.
Hidden Objects – PDFs can have embedded and encrypted objects which prevents being analyzed by antivirus scanner. These objects are executed when file is opened by the user.
Multimedia Control – When we say PDF can have embedded objects, it could be a quicktime media or flash file. Attacker can exploit vulnerability in media players.
Emails and links...
What Could Go Wrong?
Links in email is a common thing, they makes it easier for you to go to their website homepage, or to unsubscribe from a service.
But there are malicious emails and links that are designed to steal information from you by tricking you with a bogus website.
Phishing attack
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
​
The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.
​
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.
But for an organization, succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.
