Subscribe to the Non-Human & AI Identity Journal

Why do malicious PDFs still bypass traditional email security controls?

Traditional controls often rely on indicators that attackers can change quickly, such as links, images, or metadata. PDFs also allow valid structural variation, and encrypted or compressed objects can hide the parts defenders most want to inspect. That means a file can look benign at the surface while still carrying a delivery path for phishing or malware.

Why This Matters for Security Teams

Malicious PDFs remain effective because email security controls are often tuned to spot obvious web-style indicators, while PDFs can embed scripts, forms, attachments, and layered objects that behave differently from simple links. The risk is not just malware delivery. It also includes credential theft, invoice fraud, and payload staging that survives gateway filtering and later triggers when a user opens the file. Guidance in NIST SP 800-53 Rev 5 Security and Privacy Controls supports layered content inspection and response, but the operational challenge is that no single control reliably sees every malicious PDF variant.

Security teams often underestimate how much attacker tradecraft depends on format flexibility. A PDF may be harmless in one parser, malicious in another, or only reveal its true behavior after user interaction. That creates a blind spot between secure email gateways, sandboxing, endpoint controls, and the user’s desktop. In practice, many security teams encounter malicious PDFs only after phishing has already been clicked or a malware chain has already started, rather than through intentional detection at the gateway.

How It Works in Practice

At a technical level, a malicious PDF does not need to look obviously suspicious to be dangerous. Attackers can hide content in nested objects, use obfuscation, compress payloads, encrypt sections, or rely on embedded actions that only activate when the document is opened. Some campaigns use the PDF as the first-stage lure, while others use it to launch a second file, redirect a browser, or trick the user into entering credentials.

Traditional email security controls typically work best when they can classify known bad indicators, compare file hashes, or inspect predictable attachment behavior. PDF abuse weakens those assumptions because the same file type supports many legitimate variations. Effective detection usually depends on combining file-type validation, deep content inspection, detonation in an isolated environment, and endpoint telemetry after delivery. A practical workflow often includes:

  • normalising and unpacking PDF structures before scanning, rather than trusting the visible metadata;
  • treating embedded URLs, scripts, and launch actions as high-risk content paths;
  • re-scanning attachments on retrieval from quarantine or mail archives;
  • correlating gateway alerts with endpoint execution data and user-reported phish signals;
  • blocking or rewriting risky document handling paths where business need is low.

For control mapping, organisations often align this with CISA guidance on email security trends and broader detection engineering practices, because the goal is not perfect file trust but early risk reduction across multiple layers. This guidance breaks down in environments that rely heavily on encrypted mail flows and allow direct file exchange between external partners, because the controls can lose visibility exactly where inspection is most needed.

Common Variations and Edge Cases

Tighter attachment filtering often increases false positives and user friction, requiring organisations to balance phishing reduction against business continuity. That tradeoff is especially visible in legal, finance, healthcare, and procurement workflows, where PDFs are normal business artefacts and broad blocking can cause operational delay.

There is no universal standard for this yet, but current guidance suggests treating risk by document behavior rather than by file extension alone. Password-protected PDFs, digitally signed PDFs, and scanned image-only PDFs all create different inspection problems. A signed document may still be malicious if the trust boundary is misplaced, while a scanned file may hide text that optical extraction or sandboxing interprets differently. Conversely, some benign forms can trigger aggressive controls simply because they contain embedded JavaScript or remote content references.

Crossing into identity risk matters here when the PDF is used to harvest credentials or impersonate trusted business processes. The most reliable defensive pattern is to pair email security with phishing-resistant authentication, user reporting, and rapid revocation workflows so a single malicious document cannot become an account compromise. OWASP guidance on application and content risks is useful as a reminder that attackers exploit logic and trust gaps, not just malware signatures.

For high-trust partner ecosystems, the practical question is not whether all PDFs can be perfectly inspected, but which documents should be allowed to reach users at all. In especially regulated environments, that decision is often driven by workflow criticality, not by a single security control.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 PR.DS-2 PDF inspection is a data security control problem at the email boundary.
MITRE ATT&CK T1566.001 PDFs are a common phishing attachment path used to deliver initial access.

Track attachment-based phishing detections and harden user workflows against malicious documents.