<

Unorthodox Phishing Attempt Seeks Email Password

Published on
3,720 Points
620 Views
1 Endorsement
Last Modified:
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.

Phishing Attempt


Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links. An interesting phishing attempt was recently sent from a school domain that appeared to be VetMeds. The subject line of the email was titled "Assessment document" which featured an attached "encrypted" PDF document that required an email address and password to log in (ref image 2). The attached PDF document was produced with Microsoft Word. The document included a link that indicated it was encrypted and that the recipient needed to click the link in order to decrypt the PDF. Once the PDF was decrypted the link pointed to chai[.]myjino[.]ru which presents a screen with a pretend PDF behind it and a login box that gladly accepts. Updated versions of Acrobat will always ask the recipient before proceeding to a rogue website (ref image 3).

The interesting thing about this particular phishing email is that a VetMeds assessment was the bait, however the masked document at the Russian website is for a SWIFT transaction, there appears to be a mix up with messages.

Fake PDF Example
Image 1

Fake PDF Two, email and password request
Image 2 

PDF Warning for offsite links
Image 3 

Things to be Wary of


Be highly suspicious of emails from domains that do not correspond with its contents. A PDF encrypted email does not work this way, the recipient is never asked for their email address and password. Lastly, always be wary of emails that request personal information such as passwords or bank information, no legitimate body will ever ask for this kind of information over an email. Check out our video on PDF encryption to learn more!

 
1
Comment
0 Comments

Join & Write a Comment

Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month