This Scam Uses PDFs to Steal Your Passwords

These SEO keyword-filled PDFs appear high in web searches, which make them particularly dangerous for everyday users.

The lengths by which cyber criminals will go to steal your personal information are endless, as a new scam has arisen that uses PDFs filled with SEO keywords to download malware on your device and steal your passwords.

Scams have become a regular part of online life in recent years, which means that finding ways to protect yourself is key to your continued enjoyment of the world wide web. Between ransomware attacks holding your data hostage to phishing emails tricking you into giving it up yourself, knowing what kind of scams are out there is the first step in protecting yourself.

That’s why we’re getting the word out that a new scam is using keyword-laden PDFs to get your personal information with you even realizing it.

The New Scam Using PDFs to Steal Information

According to Microsoft, who tweeted about the new potential threat, the cyber criminals behind the SolarMaker malware attack have been utilizing PDFs filled with SEO keywords to steal personal data and passwords. Because the files are so heavily stacked with these SEO keywords, they place unusually high on search results, leading to a surprisingly high success rate, which is a problem.

This method, dubbed SEO poisoning, is surprisingly effective, yet not nearly as new as it may sound. Hackers have been using it for a while to spread malware, although Microsoft notes this is a particularly thorough one that put you through quite the ringer before eventually getting you to download a malicious file.

How Does This New Scam Work?

In earnest, this scam should be pretty easy to spot, but we’re going to walk you through it just so you don’t fall victim to it on accident.

It starts with a web search. Because the PDFs are chock full of SEO keywords, these malicious links could be within the first page of Google of virtually any topic — from “insurance forms” to “math answers” — giving the appearance of a reputable resource.

Once you’ve clicked that link, the madness begins. You’ll be redirected to between five and seven different Google Sites until you eventually land on “an attacker-controlled site, which imitates Google Drive.” At that point, you’ll be asked to download a file, which will have the malware on it.

Once you’ve done that, you’re in trouble. The malware will scrub your device for personal information, passwords, credit card numbers, and anything else that might be valuable to a hacker.

How to Protect Yourself Online

The best way to protect yourself from this scam is to never download anything from a simple web search. If you can’t find “math answers” or “insurance forms” in a single click, there’s no reason to move forward. Especially considering this scam requires you to click through multiple sites just to get an answer, your spidey senses should be tingling before you get anywhere near a malicious link.

Still, if you want to make sure you don’t fall victim to this or any other malware attack, your best bet is going to be antivirus software. These platforms are designed to not only warn you about malicious links, but also steer you clear of these kinds of phishing websites.

If you want to take it a step further, password managers and VPNs are the best way to keep yourself safe online. Given that passwords are the first and sometimes only obstacle to hackers and that unsecured networks run rampant throughout the US, both tools can do a lot to keep you safe when it comes to your online presence.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Conor is the Lead Writer for For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals