<

Go Premium for a chance to win a PS4. Enter to Win

x

Unorthodox Phishing Attempt Seeks Email Password

Published on
3,579 Points
479 Views
1 Endorsement
Last Modified:
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.

Phishing Attempt


Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links. An interesting phishing attempt was recently sent from a school domain that appeared to be VetMeds. The subject line of the email was titled "Assessment document" which featured an attached "encrypted" PDF document that required an email address and password to log in (ref image 2). The attached PDF document was produced with Microsoft Word. The document included a link that indicated it was encrypted and that the recipient needed to click the link in order to decrypt the PDF. Once the PDF was decrypted the link pointed to chai[.]myjino[.]ru which presents a screen with a pretend PDF behind it and a login box that gladly accepts. Updated versions of Acrobat will always ask the recipient before proceeding to a rogue website (ref image 3).

The interesting thing about this particular phishing email is that a VetMeds assessment was the bait, however the masked document at the Russian website is for a SWIFT transaction, there appears to be a mix up with messages.

Fake PDF Example
Image 1

Fake PDF Two, email and password request
Image 2 

PDF Warning for offsite links
Image 3 

Things to be Wary of


Be highly suspicious of emails from domains that do not correspond with its contents. A PDF encrypted email does not work this way, the recipient is never asked for their email address and password. Lastly, always be wary of emails that request personal information such as passwords or bank information, no legitimate body will ever ask for this kind of information over an email. Check out our video on PDF encryption to learn more!

 
1
Comment
0 Comments

Join & Write a Comment

Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month