I received an email from a government agency stating that I owed them money and needed to pay immediately to avoid legal action. The message included a PDF documenting the situation, but when I opened it, it was gobbledygook. They sent me an app to “decode” it, but I’m suspicious. How should I proceed?
You’re right to be suspicious of this interaction. There are a couple of warning signs that should have already tipped you off that this was a scam. The “app to decode or decrypt a PDF” is a newer scam, however, and is a dangerous one because it’s believed to have originated from a state-funded hacker group overseas. Google’s Threat Analysis Team explains that the victim receives a seemingly benign PDF that cannot be read. The victim is then sent a “decryption utility” that is actually malware, which gives the hackers full access to the victim’s system. Not good at all!
Government agencies tend to work slowly so your first warning should have been the sense of urgency in the message. That’s a classic spammer trick, to get you to act before you have a chance to think about what’s going on or do any research to confirm the legitimacy of the communication. Then there’s the threat of law enforcement getting involved. How better to make you panic and react without thinking than to say you’re about to be thrown in jail or otherwise subject to legal action?
Some spam messages claim to include useful or interesting PDF documents, but upon closer examination the attachments are .EXE or similar executable programs, not documents at all. If the message says it’s a PDF doc but the file isn’t a .PDF, delete it immediately without going any further. PDF files can be mocked up too, of course, so just because a document has an official letterhead and sounds legit doesn’t mean that it is genuine.
ENCRYPTED PDF AND MICROSOFT OUTLOOK
The Portable Document Format (PDF) does include a genuine encryption feature, but an encrypted PDF looks quite a bit different from a document that contains unreadable text garbage. If you’re using Microsoft Outlook, PDF attachments look like this:
Notice the icon! Click on it to review and if it’s encrypted, Outlook will immediately prompt:
If that’s not what you’re seeing, then there’s something mighty fishy about their claim of an “encrypted” document.
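The same distinction can be checked on the attachment’s bytes before anything is opened. This Python sketch is an added example, not part of the original article; the function name, verdict labels and sample byte strings are constructed for illustration, and the /Encrypt search is a heuristic rather than a full PDF parse.

```python
import os
import re

# Extensions Windows runs as programs; a real PDF never ends in one of these.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs"}
# Leading "magic bytes" of native executables (PE, ELF, 64-bit Mach-O),
# whatever the file happens to be named.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")
# Genuine PDF encryption is declared by an /Encrypt entry in the trailer,
# either as an indirect reference ("12 0 R") or an inline dictionary ("<<").
ENCRYPT_ENTRY = re.compile(rb"/Encrypt\s*(\d+\s+\d+\s+R|<<)")


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment from its name and raw bytes, without opening it."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in EXECUTABLE_EXTS or data.startswith(EXECUTABLE_MAGIC):
        return "executable"      # e.g. "notice.pdf.exe", or a program renamed .pdf
    # PDF readers expect the "%PDF-" header within the first 1024 bytes.
    if b"%PDF-" not in data[:1024]:
        return "not-a-pdf"       # unreadable blob that only claims to be a PDF
    if ENCRYPT_ENTRY.search(data):
        return "encrypted-pdf"   # a PDF reader will prompt for a password
    return "plain-pdf"           # nothing to decrypt, so no "decoder" is needed


# Constructed sample inputs (minimal byte strings, not real documents or malware).
SAMPLES = {
    "tax_notice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 16,
    "tax_notice.pdf": b"MZ\x90\x00" + b"\x00" * 16,
    "garbage.pdf": bytes(range(256)),
    "statement.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
                     b"trailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n",
    "letter.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
                  b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:20} -> {triage_attachment(name, blob)}")
```

Only the “encrypted-pdf” verdict matches what a legitimately protected document looks like, and that kind of file is unlocked with a password inside the PDF reader, never with a separate program.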
GMAIL AND ENCRYPTED PDF DOCS
Using Gmail? It’s quite similar. Here’s the same encrypted PDF document as shown in Gmail:
As you can see, it shows the red “PDF” mini-icon, but more importantly, Google knows that encrypted PDF documents can be dangerous because they can’t be scanned before processing, so it’s added a warning:
Encrypted attachment warning – Be careful with this attachment. This message contains 1 encrypted attachment that can’t be scanned for malicious content. Avoid downloading it unless you know the sender and are confident that the email is legitimate.
Wise words. In this case, I know it’s legit because I sent it to myself! A click to open it and, again, I’m prompted for the document access password:
The overall moral of this story is that you were exactly right to be suspicious of a program sent to you from an unknown entity, organization, or agency. Given that anyone can pretend to be someone else in the digital world, a healthy dose of skepticism is a survival tool for the 21st century!
Any time you’re not sure about an email purporting to be important and time-sensitive, search online for the agency or organization and give them a call. Don’t trust the phone number in the email because that too might be part of the scam. Be safe out there!