I always thought PDFs were safe to open, sadly my notion was wrong.  The other day I received an email sent to my work address from Gmail account which contained no body, only a single PDF attachment – sale_50_87318984.pdf.

Now, of course, the fact there was no body and it was sent to random people around the company, sent up a red flag for me.  Obviously, the perpetrator was trying to get someone to click the PDF, which, I am hoping, if all those employees have read the companies email policy and hopefully have some knowledge of internet security, no one has.

I did a quick search today to confirm my suspicion, as I said, I thought PDFs were safe.  I came across an article from 2010 by PC Magazine which describes that PDFs can indeed carry malicious code that can be executed without the viewer’s permission.

So now you can add PDFs to the long list of files you should never open without verification (Like EXEs, ZIPs, DOC/DOCXs, etc).  By this I mean if you actually made a purchase and the company you purchased from sends you the receipt via email PDF, then it’s probably OK, or if you have a friend sending you a PDF of your joint school project, again, probably OK.  But if a person you have never met/conversed with, sends a PDF with some strange wording in the body of the email (like most spam mail) and the file has a weird name don’t click the attachment, it could very well be malicious.

Some of you may already know this, seeing as it’s been known since around 2010, but as I never thought PDFs were vulnerable, and I am a techie, maybe some didn’t realize this.