<

Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

Unorthodox Phishing Attempt Seeks Email Password

Published on
3,507 Points
407 Views
1 Endorsement
Last Modified:
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.

Phishing Attempt


Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links. An interesting phishing attempt was recently sent from a school domain that appeared to be VetMeds. The subject line of the email was titled "Assessment document" which featured an attached "encrypted" PDF document that required an email address and password to log in (ref image 2). The attached PDF document was produced with Microsoft Word. The document included a link that indicated it was encrypted and that the recipient needed to click the link in order to decrypt the PDF. Once the PDF was decrypted the link pointed to chai[.]myjino[.]ru which presents a screen with a pretend PDF behind it and a login box that gladly accepts. Updated versions of Acrobat will always ask the recipient before proceeding to a rogue website (ref image 3).

The interesting thing about this particular phishing email is that a VetMeds assessment was the bait, however the masked document at the Russian website is for a SWIFT transaction, there appears to be a mix up with messages.

Fake PDF Example
Image 1

Fake PDF Two, email and password request
Image 2 

PDF Warning for offsite links
Image 3 

Things to be Wary of


Be highly suspicious of emails from domains that do not correspond with its contents. A PDF encrypted email does not work this way, the recipient is never asked for their email address and password. Lastly, always be wary of emails that request personal information such as passwords or bank information, no legitimate body will ever ask for this kind of information over an email. Check out our video on PDF encryption to learn more!

 
1
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
0 Comments

Join & Write a Comment

Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month