Think Twice Before Opening That PDF. It Could Be a Popular Scam.


Gone are the days when you could easily spot a scam by the phrases “Nigerian prince” and “bank draft.” Likewise, I’ve lately noticed scammers have made what must’ve been a big push to rid their scam messages of giveaway spelling and grammatical errors. They no longer, for the most part, look like somebody spilled a bowl of alphabet soup on the rug and kicked it onto the computer screen.

Cisco’s Talos Intelligence Center released a report on July 2 documenting the rise of scammers using PDFs to impersonate legitimate websites quite clearly and competently.

Scammers have gotten clever

“In some cases, the entire email, including a brand’s logo, is embedded within a PDF attachment,” said Talos in their report. I’ve spotted more than a few of these myself. Just check out the sample below of a scammer impersonating both Microsoft and Adobe in the same email. Even the PDF name is plausible and—shocker—spelled correctly.

[Image: Sneaky, right? The scammers did a lot of things right with this impersonation – Credit: Cisco Talos Intelligence Group]

We’ve all gotten these “receipts.” What they seek to do is get you to panic a bit. “Oh no, it charged me what? I didn’t sign up for that. I’d better call them to straighten this out.”

Then the very professional-looking 1-888 or 1-800 number leads you to a professional-sounding person on the other end claiming to be customer service from the company they’re impersonating.

[Image: Don’t call these phone numbers – Credit: Cisco Talos Intelligence Group]

“These threat actors often use Voice over Internet Protocol (VoIP) to remain anonymous,” said Talos, adding that scammers sometimes reuse phone numbers over consecutive days.

So what steps can you take to not fall for these tricks? For one, take a breath if you receive an alarming email that references some fine, payment receipt, or legal action that seems unlikely or impossible to you. Scammers want you to panic because you have a greater chance of acting rashly.

Then check the sender’s email address. Not just the name that pops up, but the full address. You may have to hover your cursor over the name to see the full address pop up or expand the “To” and “From” fields at the top of the email window. Nonsensical email addresses are a dead giveaway.

If that passes the sniff test, don’t open or download any PDFs until you talk to the company’s customer service. To reach them, don’t trust the number in the email. Google (or DuckDuckGo) the company’s website to find their customer service number and call that.

It may seem slow and laborious, but once you make it second nature you’ll be a far harder target for scammers to crack.

The post Think Twice Before Opening That PDF. It Could Be a Popular Scam. appeared first on VICE.