A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App Store. These emails contain a PDF attachment that tells you to click a link if the transaction was unauthorized. The attackers are relying on the victim saying “What the ? I didn’t purchase an app”” and opening the PDF to see what’s going on. Once a user clicks the link
Source: