Even as the holiday season comes to an end, cybercriminals continue to target holiday travelers in a recent scam. This scam starts with a simple phishing email and an attachment that appears to be a hotel invoice. Unfortunately, the attachment isn’t an actual PDF file. It’s a complex attack designed to steal your sensitive information. 

If you happen to download and open the attachment, an error message appears. The message claims that you need an update in order to view the PDF file. But the file isn’t actually a PDF document, and the error isn’t actually for an update.

In reality, the file is a form of malware, and if you agree to the update, you’ll launch that malware. Once launched, it quickly scans your device, collects your sensitive information, and sends it to the cybercriminals. This malware helps the scammers start off the new year with their ideal gift—your personal data!

Follow these tips to stay safe from similar scams:

  • Cybercriminals are counting on you to click without thinking. Never open attachments received from an unexpected email.
  • If you booked a hotel for the holidays and received an email about it, check for details that confirm the email’s legitimacy, such as the reservation number, check-in time, and room details.
  • Remember that this type of attack isn’t exclusive to travel invoices. Cybercriminals could use this fake PDF file technique in a number of scenarios.