Clicking a link to a bogus PDF would have the same effect as clicking the PDF itself, i.e. the goal is to get you to what's made up to look like a login page for Googledocs or whatever, but actually steals your login details. So although it's true that blocking PDFs would stop this particular hack it's not a general solution. To be absolutely sure you would also have to block all WP documents, as well as _any_ link in an email.
It's not clear why the scammer in this case even bothered sending a PDF, he could equally well just have sent a link. Maybe he thought seeing an actual PDF would lend it some authenticity (though for me it just rings alarm bells).
Sadly, as with all 'social engineering' scams, the only real solution is user education, but unfortunately there's no easy fix for human gullibility!