PDFs turning shady? A quiet cyber threat might be sitting in your inbox

According to the research, around 68% of all cyberattacks start with an email

A new report by Check Point Research has raised eyebrows in the cybersecurity world, pointing to a spike in attacks using a very familiar file type—PDFs.

These are the same files we casually open for bank statements, bills, resumes, or anything official-looking. But here’s the twist: they’re now a preferred tool for hackers.

According to the research, around 68% of all cyberattacks start with an email. Out of these, 22% come bearing weaponised PDF attachments. That's roughly one in every five email-based attacks hiding behind what looks like just another document.

With over 400 billion PDFs opened last year and 87% of businesses relying on them globally, the format’s popularity might just be its biggest weakness.

PDFs are tricky—in a bad way

On the surface, PDFs seem simple. But under the hood, they’re complicated—enough to confuse most security tools. The format itself is described in a nearly 1,000-page ISO document, which might explain why attackers are finding so many places to hide malicious content.

PDF-based attacks have moved beyond simply exploiting technical bugs in PDF readers. They’ve now evolved into sneakier territory—blending malicious links, phishing traps, and QR codes into legitimate-looking documents.

Think of invoices, forms, or even brand logos—except one click or scan could land you on a phishing site or start a malware download.

The disguise game

Cybercriminals seem to be getting more creative by the day. Check Point highlights some crafty methods currently in use:

Redirect links: URLs are disguised using well-known services like Google AMP or LinkedIn, which makes them appear trustworthy at first glance.

QR codes: These are embedded within the PDF, encouraging users to scan them using phones. Since many phones bypass traditional computer-based security checks, attackers see this as an easy way in.

Evasion techniques: These range from encoding tricks that fool scanners to encrypting parts of the PDF to hide dangerous content. Some attackers even embed malicious text inside images or use invisible fonts to throw off machine-learning-based detection tools.
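
For defenders triaging a suspicious attachment, the sketch below lists every link target in a PDF, including links tucked into compressed streams, and flags those that sit behind a redirector. It is an added example, not code from Check Point or this article; the redirector URL prefixes, the function names and the sample bytes are assumptions made for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: the article names only "Google AMP" and "LinkedIn"; these
# host/path prefixes are illustrative, not a complete redirector list.
REDIRECTORS = (("www.google.com", "/amp/"), ("www.linkedin.com", "/redir/"))
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|OpenAction)\b")


def expand(pdf: bytes) -> bytes:
    """Raw bytes plus every stream that inflates with zlib (compressed objects)."""
    parts = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data (image, encrypted, or another filter)
    return b"\n".join(parts)


def triage(pdf: bytes) -> dict:
    """List link targets, those behind redirectors, and active-content keys."""
    data = expand(pdf)
    urls = sorted({re.sub(rb"\\(.)", rb"\1", u).decode("latin-1")
                   for u in URI_RE.findall(data)})
    flagged = []
    for url in urls:
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            continue  # malformed URL, cannot be classified
        if any(host == h and parts.path.startswith(p) for h, p in REDIRECTORS):
            flagged.append(url)
    return {"urls": urls, "redirectors": flagged,
            "active": sorted({k.decode() for k in ACTIVE_RE.findall(data)}),
            "encrypted": b"/Encrypt" in pdf}


def sample_pdf() -> bytes:
    """Constructed, simplified sample bytes (not a real or complete PDF)."""
    hidden = zlib.compress(
        b"<< /S /URI /URI (https://www.google.com/amp/s/login.example.test/x) >>")
    return (b"%PDF-1.7\n1 0 obj\n<< /Subtype /Link /A << /S /URI "
            b"/URI (https://billing.example.test/invoice) >> >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + hidden +
            b"\nendstream\nendobj\n3 0 obj\n<< /OpenAction 1 0 R >>\nendobj\n%%EOF\n")
```

An empty result does not clear a file: encrypted documents (reported by the `encrypted` flag) and links delivered as QR codes or images never appear as `/URI` entries.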

A bit of caution goes a long way

Check Point suggests that prevention doesn’t always need to be high-tech. A little attentiveness from the user’s end can make a big difference. Here are a few steps they recommend:

(i) Check who the PDF is from—especially if you weren’t expecting it.

(ii) Don’t click on unexpected links or scan QR codes inside documents unless you're absolutely sure.

(iii) Keep your PDF viewer updated and use one that’s secure.

(iv) Disable JavaScript in your PDF reader if it’s not essential.

(v) Hover your mouse over any link before clicking. See where it’s actually leading.

(vi) If something feels off, it probably is.
