---
title: "Everyone Loves PDFs Including Hackers | Phish Protection"
description: "If you"
image: "https://phishprotection.com/og/blog/everyone-loves-pdfs-including-hackers.png"
canonical: "https://phishprotection.com/blog/everyone-loves-pdfs-including-hackers/"
---

Quick Answer

If you're doing business, then you're sending, receiving and reading PDFs. PDFs have become ubiquitous in business as a way of sending documents over the web. And why not? There are a lot of advantages to using PDFs. For starters, it's ubiquitous - everyone has a PDF reader. The files can include embedded links and images.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Feveryone-loves-pdfs-including-hackers%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Everyone%20Loves%20PDFs%20Including%20Hackers&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Feveryone-loves-pdfs-including-hackers%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Feveryone-loves-pdfs-including-hackers%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Feveryone-loves-pdfs-including-hackers%2F&title=Everyone%20Loves%20PDFs%20Including%20Hackers "Share on Reddit") [ ](mailto:?subject=Everyone%20Loves%20PDFs%20Including%20Hackers&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Feveryone-loves-pdfs-including-hackers%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/07/anti-phishing-software-5555.jpg) 

If you’re doing business, then you’re sending, receiving and reading PDFs.

PDFs have become ubiquitous in business as a way of sending documents over the web. And why not? There are[ a lot of advantages](https://www.peernet.com/pdf-benefits-for-business/) to using PDFs. For starters, it’s ubiquitous - everyone has a PDF reader. The files can include embedded links and images. The files tend to be small compared to other formats. _They can be password protected_. They can work on any operating system. And they’re not likely to go away any time soon.

That’s the good news. The bad news is that hackers know all that, and so PDFs have become[ the vehicle of choice for malware and fraud](https://www.helpnetsecurity.com/2019/04/23/fraudulent-pdf-files-increase/). According to SonicWall Capture Labs, “_there has been a substantial increase in fraudulent PDF files_. \[The\] fraud campaign takes advantage of recipients’ trust in PDF files as a ‘safe’ file format.”

![Anti phishing software](https://media.mailhop.org/phishprotection/images/2019/07/anti-phishing-software-5555.jpg) 

The problem’s getting worse. According to[ SonicWall](https://www.sonicwall.com/news/annual-sonicwall-cyber-threat-report-details-rise-in-worldwide-targeted-attacks/?utm%5Fcontent=bufferd97b9&utm%5Fmedium=social&utm%5Fsource=facebook.com&utm%5Fcampaign=buffer), their “multi-engine sandbox service discovered threats in over 47,000 PDFs files in 2018\. In just March of 2019, \[SonicWall\] identified over 83,000 malicious events, of which over 67,000 were PDFs linked to scammers.”

What makes these PDF-based scams so hard to defend is that in most cases, the PDF itself is harmless. _It does not contain an executable file or active malware within the document._ So, antivirus software meant to screen attached documents will see the PDF as safe. But it’s not.

The scam is that these “perfectly safe” PDFs have malicious links in them. Unfortunately, by the time the reader comes across these links, they’ve already convinced themselves that the PDF is safe. And that’s a problem, because according to the article on HelpNetSecurity website, “Most traditional security controls cannot identify and mitigate links to scams or malware hidden in PDF files, greatly increasing the success of the payload.”

In some ways PDFs are the perfect attack vehicle. Not only do they get the recipient to let their guard down, but they bypass almost all **email security defenses**. Almost all.

![Anti phishing service](https://media.mailhop.org/phishprotection/images/2019/07/anti-phishing-service-3423.jpg) 

There is one [email security](/products/advanced-threat-defense/) defense that protects users from PDF attacks and that’s real-time link scanning protection. Unlike antivirus, which looks for malware in the PDF, real-time link scanning looks at the links in the PDF. It follows those links in the PDF to see if they lead to malicious websites, and it does all that BEFORE the user ever gets a chance to see the PDF.

If you want to protect your employees from malware, by all means get yourself up-to-date antivirus software. But if you also want to protect your employees from **phishing attacks**, especially the hard-to-find attacks buried deep inside a PDF, you also need to add real-time link scanning protection. You need[ Phish Protection](/).

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Everyone Loves PDFs Including Hackers","description":"If you're doing business, then you're sending, receiving and reading PDFs. PDFs have become ubiquitous in business as a way of sending documents over the web.","url":"https://phishprotection.com/blog/everyone-loves-pdfs-including-hackers/","datePublished":"2019-07-02T10:44:58.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-07-02T10:44:58.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/everyone-loves-pdfs-including-hackers/"},"articleSection":"foundational","keywords":"Phishing","wordCount":461,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/07/anti-phishing-software-5555.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Everyone Loves PDFs Including Hackers","item":"https://phishprotection.com/blog/everyone-loves-pdfs-including-hackers/"}]}
```