People in the company just received a kinda odd email from the CTO of one of our main vendors.
The email body text says to please review the attached document. Then above the signature it repeats, "Please see attached." The email signature is different from what he has sent in the past, but it uses company logos, and all of the info is correct. So it could still be legit.
There is a PDF attached to the message. It can't be opened: "Couldn't open PDF" "Something's keeping this PDF from opening."
ESET AV does not find any malware in the PDF attachment or the email. The Reply-To is the correct email address.
I see a lot of x-headers in the header info: X-Microsoft-Antispam-Untrusted: UriScan, X-Forefront-Antispam-Report-Untrusted: SFV:NSPM
Are there any other analysis steps I can take besides contacting the sender?