Short answer: Yes Slightly longer answer: The malicious payload is usually delivered through an exploit targeted at the viewing platform... For example: I could embed a virus or worm into a PDF but it would have to be able to escape the Acrobat sandbox where you are viewing it. Best defense is to use an alternate viewer (like Foxit, though that is not always safe) I don't trust browsers like edge or chrome. Other options include a different OS like MacOS or Linux. Or a remote viewing web app, where the PDF is actually opened in the cloud. If I have a high level of suspicion, I'll upload the file to Virus Total before opening. GL