Yes, PDFs can be harmful. History has already shown us that the combination of an email and a malicious PDF attachment can be quite devastating, with losses reaching millions of dollars. That's why it's important for organizations to think about email protection.
One thing is right, it's hard to imagine the world without PDF files. For businesses, in particular, they have several purposes.They’re important for consolidation and submission of proposals, agreements, invitations, and product information.
PDF is widely used because it’s flexible. It can contain text, image and codes at the same time. Many people don’t know but it’s even possible to play games in PDF files, such as tic-tac-toe, for example.
The problem is that this flexibility has a dark side, which is exploited by hackers. So, opening a PDF file can endanger important information from your organization and even open a backdoor so criminals can access your devices.
How criminals use PDFs
There are different ways to manipulate PDF files. In general, the most common techniques used by criminals involve:
URLs: In order to prevent anti-virus and other engines from detecting threats in email content, criminals embed malicious links into PDFs.
Embedded files: some PDF readers use a blacklist to block file types based on extension, such as .rar, .zip, .exe and .vbs. But there are many types of other files that can be embedded and exploited by criminals, such as Word documents and QuickTime and Flash media files.
Encrypted PDFs: It´s possible to embed an encrypted and malicious PDF file inside another PDF. The technique is mainly used to deceive detection engines.