My colleague has forwarded me an email and asked "Can you please check for me if it is genuine?"

I'm just a programmer, so I have no idea.

The email is from a website called PDFfiller, which seems to be a document editing and sharing service. The person sending it is called **Account Payable**. I'm meant to click on a link to download a PDF.

I have asked if they are expecting an email and if they could ask if anyone has sent documents this way, and my colleague replied that it could be from a customer.

Is there a way to download and read the PDF without too much exposure?

For example, would it be low risk to open it in a virtual machine?

Basically I don't want to open the file and have my machine become a hostage, or to have all my Outlook contacts stolen.

Matt Ellen
  • This seems very phishy to me. You could use a VM or an airgapped PC to download the file and analyze it there, or forward it to VirusTotal. Keep in mind that "AntiVirus didn't find anything" doesn't mean "file is safe". –  Sep 13 '19 at 11:07
  • Thanks, both, that's good info. – Matt Ellen Sep 13 '19 at 11:15
  • I'd put the odds that this is malicious at 100%. Unless this is from a known sender that you were expecting to receive something billing-related from, just ignore it. It's not worth wasting your time. – Conor Mancone Sep 13 '19 at 13:05
  • @ConorMancone I did open it in a VM, and the PDF was just an image (saying you need to open the PDF in Office 365) linking to winneroffice.xyz. Definitely a scam – Matt Ellen Sep 13 '19 at 13:08
  • @MattEllen, yeah that doesn't surprise me. By "malicious" I didn't mean to limit options to malware. As spam protection gets slowly better, phishing campaigns sometimes have to go through more effort to get around spam filters, leading to very convoluted phishing attempts like this. – Conor Mancone Sep 13 '19 at 13:10
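
One way to look inside a suspect PDF without rendering it, as an added example that is not part of the original question or comments: the script below scans the raw bytes for action-related name tokens and link targets, similar in spirit to tools such as pdfid. The sample bytes, the `example.invalid` URL and the function names are constructed for illustration.

```python
import re

# Name tokens that let a PDF do more than display pages.
RISKY = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
         b"/EmbeddedFile", b"/URI", b"/SubmitForm", b"/ObjStm")

def _decode_names(data: bytes) -> bytes:
    # PDF names may hide letters as #xx hex escapes (e.g. /Open#41ction).
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def triage(data: bytes) -> dict:
    """Static look at PDF bytes; nothing is rendered or executed."""
    decoded = _decode_names(data)
    names = {}
    for name in RISKY:
        # The lookahead stops /JS matching /JSomething, /AA matching /AAx, etc.
        hits = re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", decoded)
        if hits:
            names[name.decode()] = len(hits)
    # Link targets stored as literal strings: /URI (http://...)
    raw_uris = re.findall(rb"/URI\s*\(((?:\\.|[^\\()])*)\)", data)
    uris = [re.sub(rb"\\(.)", rb"\1", u).decode("latin-1") for u in raw_uris]
    return {
        "names": names,
        "uris": uris,
        # Objects packed in compressed object streams are invisible to a
        # raw-byte scan, so a clean result then proves nothing.
        "hidden_objects": "/ObjStm" in names,
    }

# Constructed sample: a full-page link annotation plus an obfuscated name.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj\n"
          b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792]\n"
          b"  /A << /S /URI /URI (https://login.example.invalid/office365) >> >>\n"
          b"endobj\n%%EOF\n")

if __name__ == "__main__":
    # For a real file: triage(open(path, "rb").read()), ideally inside the VM.
    print(triage(SAMPLE))
```

An empty result is not a clean bill of health, for the same reason given in the comment about antivirus results: it only means this scan saw nothing.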

0 Answers