Phishing attacks often involve suspicious email links, but attackers are constantly evolving. Recently, cybercriminals have started using well-known document-publishing platforms—like Publuu, Issuu, and FlipSnack—to host malicious PDFs. These platforms let users view documents online as flip-books, creating an impression of legitimacy and safety.
Victims receive emails containing links to these PDFs, believing they are harmless documents. But once opened, these flip-books redirect them to fake login pages or malicious websites designed to steal sensitive information.
Why Attackers Favor Trusted Platforms
These document-publishing websites are widely trusted by users and rarely blocked by email filters or security systems. Because they use secure connections and reputable domains, users are less suspicious when clicking links hosted there. Cybercriminals exploit this trust to sneak past security defenses and increase the success of their phishing attempts.
How the Attack Works: Step by Step
The phishing campaign typically follows this path:
-
A phishing email is sent, often disguised as coming from a colleague or known vendor, containing a link to a document on a trusted platform.
-
The victim clicks the link and views the document in a browser-based flip-book.
-
During or after viewing, the victim is redirected—sometimes through CAPTCHA verification—to a fraudulent site mimicking legitimate login pages.
-
The victim enters credentials or other sensitive information, unknowingly handing them to the attackers.
These campaigns are often short-lived, with malicious links active for less than 24 hours, making detection and blocking more difficult.
Protecting Yourself and Your Organization
To defend against this emerging threat, cybersecurity experts recommend:
-
Extending email and web filters to monitor and flag document-publishing platform URLs.
-
Training employees to be cautious of unsolicited document links, even on trusted domains.
-
Scanning the content and embedded links inside PDFs for malicious redirects.
-
Keeping an eye on rapidly created and deleted flip-book pages, a common sign of phishing attempts.