-
- |
-
Beware! The “View PDF” Scam on WhatsApp Is Resurfacing, Targeting Your Bank Account
Beware! The “View PDF” Scam on WhatsApp Is Resurfacing, Targeting Your Bank Account
WhatsApp users are facing a renewed threat: the “View PDF” scam. The perpetrators send files claimed to be invitations, brochures, or important documents in PDF format via WhatsApp. But behind this, those files contain malicious mechanisms to steal data and infect victims’ devices.
Here’s a typical flow of this modus operandi:
-
The attacker sends a PDF file via WhatsApp from an unknown number.
-
When the recipient opens or “views” the file, hidden malware or scripts begin to steal contacts and device data.
-
The stolen contacts are then used to automatically propagate the same PDF to the victim’s entire contact list, widening the attack’s reach.
-
In some cases, the file — though appearing as a PDF — is actually a hidden application (APK) which, when executed, requests permissions to access personal data, messages, gallery, and banking apps.
-
If the victim follows instructions inside the file (for example, by entering personal data or logging into a banking account), the attacker may gain access to the bank account or perform transactions without the victim knowing.
Law enforcement and cyber units have warned the public not to open PDF files coming from unknown numbers. For example, the Yogyakarta City Police (Polresta Yogyakarta) through its communication channels stated that this modus has frequently appeared and that users must be wary of suspicious PDF files.
Characteristics of Fake PDF Files to Watch Out For
-
Inconsistent file extension — for example “.Pdf” or “.PDF” with mixed capitalization — while legitimate PDF files typically use “.pdf.”
-
The file’s icon or logo looks odd or does not match the official Adobe Acrobat red icon.
-
No document preview (number of pages, thumbnail) is available, or a “cannot preview” warning appears — these may indicate it’s not a real PDF.
-
The file is unusually large yet contains minimal visible content — it may hide malicious code.
-
The file directly requests permissions or redirects users to external links for “verification” or “re-login” — a classic phishing tactic.
How to Protect Yourself from the “View PDF” Scam
Here are practical steps to minimize risk:
-
Verify the sender: never open PDF files from numbers you don’t know or from contacts who ordinarily wouldn’t send such documents.
-
Disable auto-download of files in WhatsApp so that unknown documents are not automatically saved or executed.
-
Check file extension & icon — if anything seems suspicious, do not open it.
-
Use anti-malware or antivirus apps on your phone to detect malicious files.
-
Enable two-factor authentication (2FA) on your banking apps so that even if data is leaked, the attacker still needs an extra verification step.
-
Be cautious when prompted to log in again — if redirected, make sure the URL is official and secure (HTTPS).
-
Report to authorities (cybercrime unit, police) immediately if you’ve suffered or seen the spread of suspicious files.
Conclusion
The “View PDF” scam on WhatsApp is not just a prank — it can hack your contact data, spread itself via victims’ devices, and even open doors to your bank account. Vigilance, verification, and basic digital protection are your primary defenses. The public is urged to share this information with friends and family so no one becomes the next victim.
Popular article
Need Any Technology Solution
Let’s Work Together on Project
