New phishing attack disguised as a PDF reader update

The phishing emails do not attempt to exploit vulnerabilities in the PDF format or link to malware disguised as a fake new PDF reader, but target credit card information instead.

The phishing email links to a professional-looking page made to advertise fictitious new PDF reader software, which in turn links to another site that uses social engineering techniques, such as offers of free software and other gifts, to encourage victims to pay for membership.

Victims are asked to enter their credit card details on a payment page that includes the logos of the top credit card providers and the logos of their secure payment systems.

The phishing scam is designed to capture these credit card details and is extremely dangerous because the site looks legitimate, said Jo Hurcombe, AV operations engineer at Symantec.

Any unsolicited email received from an unknown source should be treated as highly suspicious, especially one that requires visiting an external page by clicking a link, said Hurcombe.

Any site that asks for money but does not use SSL encryption, with a URL that starts with "https", is not secure, no matter what it claims.

"Even if the site does use SSL, that does not guarantee security as the site itself could be designed specifically to harvest personal information", said Hurcombe.

 

This story was first published by Computer Weekly
