Novel PDF Phishing Gambit Harvests Email Credentials

Exterminator

Oct 23, 2012
The SANS Internet Storm Center has uncovered an innovative phishing campaign that relies on PDFs to harvest email credentials from victims.

Targets receive an email purporting to be from VetMeds, with the subject line “Assessment document” and a link to a single PDF. The message says that the file is encrypted and asks recipients to click a link to unlock it: “PDF Secure File UNLOCK to Access File Content.”

Clicking on the link opens the PDF using the computer’s default viewer, with a dialogue box asking the user to log in with his or her email credentials in order to gain access to the full document. Interestingly, the VetMeds ruse quickly breaks down: The actual PDF, which is hosted in Russia, has to do with SWIFT (Society for Worldwide Interbank Financial Telecommunication) banking transactions.

“This is an untargeted phishing campaign. They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF,” said John Bambenek, handler at SANS Internet Storm Center, speaking to Kaspersky Lab. “It doesn’t matter what email address or password you input into the fake unlocking mechanism. The document is opened and anything you input is transmitted to the spammer.”

As for avoiding falling victim, the key (as ever) is awareness.

“Be wary of emails from domains that don't match the contents, note that encrypted PDF documents are not locked this way (and will never ask you for your actual email password anyway), and look for other inconsistencies that give these away as scams,” said Bambenek in a posting. “Make sure users are aware of the little tell-tale signs below so they can stop themselves before becoming victims.”
 