Who has never received SMS spam? No? feel lucky, as most people have already received it. Fortunately, this spam, as frequent as it has become, is in most cases immediately recognizable. First, the originating number is unfamiliar and the message is rarely a cause for hesitation.

Lately, a new type of spam seems to be proliferating. This usually arrives via email rather than sms, with blank text and a simple PDF file attached. Whoever is behind these spam messages wants recipients to open said file and follow the links in it.

Warning: if you get this kind of message, don't open the PDF, the risk is not worth it. These practices are well known. Microsoft recently fixed one such flaw, which allowed an attacker to run PowerShell commands after a user opened a corrupted Microsoft Office file Yes, it is possible to attack a user's device using a harmless-looking file.

It's not impossible to imagine a similar scenario with a malicious PDF sent via SMS. If someone finds a flaw in iOS or Android, they can create malware that can harm your smartphone. Again, there are no reports of such schemes, nor of hackers taking advantage of the PDF, but it's better to be safe than sorry.

Best practice is therefore: do not open the PDF. In case you did, the PDF is probably full of spammy text to rock this or that. And inevitably, there will be a link to follow: But don't.

As with all fraudulent links, there is no way of knowing where they will take you or what will happen to your device or data while you are there. Again, following the link may take actions against your will. That said, most of the time, these links take you to fake websites created to reproduce completely legitimate websites and make you download malware, or enter simple personal data.


What to do if you receive a spam PDF?

Normally you should report the message to your operator, but as it is a PDF, you will not be able to transfer the document. Instead, reveal the email address: the operator will look for the message itself the first time it reports, and will need to send the email address the second time.

These systems are not designed to handle non-SMS based spam, but this workaround method is still better than nothing. By reporting the email address, you will participate in the removal of senders, a small drop in the ocean of spammers, of course, but it's important.