Attackers are again impersonating the U.S. Postal Service (USPS). This time, attackers are using a wide scale mobile phishing campaign that takes advantage of people’s trust in PDF files. The SMS phishing (smishing) attacks use SMS messages to inform victims that their package cannot be delivered, then directing the victim to click on a PDF file with a malicious phishing link. This campaign uses people’s perception of PDFs as a safe file format, making the message’s recipient more likely to open the attached file. 

Read more: https://www.darkreading.com/endpoint-security/usps-impersonators-pdfs-smishing-campaign