J G
asked on
Not sure if email is phishing attempt
People in the company just received a kinda odd email from the CTO of one of our main vendors.
The email body text says to please review attached document. Then above the signature it repeats, 'Please see attached" The email signature is different than he has sent in the past, but it uses company logos, and all of the info is correct. So it could still be legit.
There is a PDF attached to message. It can't be opened "Couldn't open PDF" "Something's keeping this PDF from opening."
ESET AV does not find any malware with pdf attachment or email. Reply-to is correct email address.
I see a lot of x-headers in the header info: X-Microsoft-Antispam-Untru
Is there any other analysis/steps I can do besides contacting the sender?
The email body text says to please review attached document. Then above the signature it repeats, 'Please see attached" The email signature is different than he has sent in the past, but it uses company logos, and all of the info is correct. So it could still be legit.
There is a PDF attached to message. It can't be opened "Couldn't open PDF" "Something's keeping this PDF from opening."
ESET AV does not find any malware with pdf attachment or email. Reply-to is correct email address.
I see a lot of x-headers in the header info: X-Microsoft-Antispam-Untru
Is there any other analysis/steps I can do besides contacting the sender?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Martin Miller
Can we close this question ?