Not sure if email is phishing attempt

People in the company just received a kinda odd email from the CTO of one of our main vendors.

 The email body text says  to please review attached document.  Then above the signature it repeats, 'Please see attached"  The email signature is different than he has sent in the past, but it uses company logos, and all of the info is correct.  So it could still be legit.  

There is a PDF attached to message.  It can't be opened "Couldn't open PDF" "Something's keeping this PDF from opening."

ESET AV does not find any malware with pdf attachment or email.   Reply-to is correct email address.  

 I see a lot of x-headers in the header info:  X-Microsoft-Antispam-Untrusted: UriScan, X-Forefront-Antispam-Report-Untrusted: SFV:NSPM

Is there any other analysis/steps I can do besides contacting the sender?
tike55Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Martin MillerCTOCommented:
Contact sender, possibly set up a rule to quarantine all incoming email from them until clarified.
JohnBusiness Consultant (Owner)Commented:
Almost for sure it is a phishing attempt. The document not working seems to be a giveaway.

As noted above quarantine the email until clarified
Shaun VermaakTechnical SpecialistCommented:
Goto http://virustotal.com and upload that PDF to check if it is malicious
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Scott CSenior EngineerCommented:
To be 100% sure contact the sender.  They will appreciate your diligence and also alerting them that they are being spoofed.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PerarduaadastraCommented:
Check the reply-to email address very carefully. Look for odd accents on any of the letters (easy to dismiss as a speck of dust on your screen) or for tricks such as a upper-case I being used in place of a lower-case L, like so: I l
In this example the second letter is the lower-case L.
Martin MillerCTOCommented:
Can we close this question ?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Phishing

From novice to tech pro — start learning today.