SecurElement Support Advisory: PDF Phishing Scam

Last week we saw another sneaky phishing scam making the rounds, but this time involving PDFs (which are usually considered "safe" file formats). Basically, users receive an email with a PDF attachment named nm.pdf.

The following screen shots are EXAMPLES of the phishing scam - DO NOT OPEN, ACCEPT OR ENABLE ANY WARNINGS IN DOCUMENTS.

Upon opening the PDF, users are prompted to open a macro-enabled Word document.





Once the Word document has been opened, users are asked to click "enable editing."

Then another screen prompts users to "enable content."

After clicking the prompts, the attack begins to execute.

To reiterate, this phishing attack has been able to penetrate organizations with heavy filtering and restrictions at the email level and was still able to penetrate.

The only way email phishing attacks like this are able to infect are through enabling execution by the end user.

Phishing email scams, ransomeware, etc. all pray on the same idea that unsuspecting users will click, download or enable some piece of malicious code to run. Don't let that happen! Here is a reminder for best-practices when it comes to cyber security.

The best defense is to be vigilant.

  • Never open an email or attachment from a sender you do not know or are not expecting.
  • Never click on a link in an email from a sender you do not know or are not expecting.
  • Setting up policy that any email containing specific attachments be sent to IT for scanning of malicious content.
  • Disable macros in Office applications can also help prevent attacks as some ransomware attacks require macros to be enabled.
  • Have a sound, thoroughly tested backup policy so that if a ransomware type infection occurs, data can be restored from backup without paying a ransom.
  • Still unsure? Send the email to for analysis and to verify authenticity.

Lastly, our friends at ESET offer FREE Cyber Security Awareness Training. You can access the training here.

If you are concerned about these types of threats impacting your business, contact us at to discuss running a vulnerability and security audit.