Experts Warn of Novel PDF-Based Phishing Scam

The SANS Internet Storm Center published a warning on Wednesday about an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims.
According to the SANS bulletin, the email has the subject line “Assessment document” and the body contains a single PDF attachment that claims to be locked. A message reads: “PDF Secure File UNLOCK to Access File Content.”
Clicking on a link to unlock the document opens the PDF document using the computer’s default viewer. A dialogue box then appears above the PDF prompting the user to input their email address and password.
“This is an untargeted phishing campaign. They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF,” said John Bambenek, handler at SANS Internet Storm Center.
Bambenek suspects that the attackers are harvesting credentials either to gain a small foothold in a company via an email account or to perpetuate further phishing scams.

The email says it’s from VetMeds and the PDF is identified as a VetMeds assessment. Once opened, the contents of the one-page PDF indicate that the document is a SWIFT (Society for Worldwide Interbank Financial Telecommunication) banking transaction.
“It doesn’t matter what email address or password you input into the fake unlocking mechanism. The document is opened and anything you input is transmitted to the spammer,” Bambenek said.
Users whose computers open PDF documents with the Adobe PDF reader see a security warning dialogue box before the document opens. The message reads: “The document is trying to connect to… If you trust the site, choose Allow. If you do not trust the site, choose Block.”
Bambenek points out that Microsoft’s Windows 10 uses the Microsoft Edge browser as the default PDF reader. When Edge opens the VetMeds PDF, unlike with Adobe, no warning message is presented to the user.
SANS says it is unclear what the size and scope of the phishing campaign is. According to Bambenek, over the past few days, SANS has been forwarded a number of these phishing emails from across the country.
“Be wary of emails from domains that don’t match the contents, note that encrypted PDF documents are not locked this way (and will never ask you for your actual email password anyway), and look for other inconsistencies that give these away as scams,” he advises.
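
The article does not say which PDF feature produces the credential prompt or the outbound connection that the Adobe reader warns about. As an added example (not from SANS or the original article), the Python below shows how a mail gateway or analyst could triage PDF attachments by counting the standard PDF name tokens for forms, scripts and automatic actions; the sample byte strings, function names and verdict rules are constructed assumptions.

```python
import re

# Standard PDF name tokens for features that can prompt a user or send data out.
ACTIVE_NAMES = {
    "JavaScript": "embedded script",
    "JS": "embedded script",
    "OpenAction": "action run when the document opens",
    "AA": "additional event-triggered actions",
    "AcroForm": "interactive form fields",
    "SubmitForm": "form data sent to a URL",
    "URI": "link to an external URL",
    "Launch": "starts an external program",
}
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #XX hex escapes, which PDF permits inside names (/J#53 is /JS)."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count active-content names found in the raw bytes of a PDF."""
    hits = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits

def verdict(data: bytes) -> str:
    """Assumed policy: scripts or form submission plus a form or auto-action."""
    hits = triage_pdf(data)
    can_send = bool(set(hits) & {"SubmitForm", "JavaScript", "JS"})
    if can_send and ("AcroForm" in hits or "OpenAction" in hits):
        return "quarantine"
    return "review" if hits else "pass"

# Constructed samples, not taken from the campaign described above.
SAMPLE_PROMPT = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /AcroForm 2 0 R "
                 b"/OpenAction 3 0 R >> endobj\n"
                 b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n")
SAMPLE_LINK = b"%PDF-1.4\n5 0 obj << /S /URI /URI (https://example.invalid/) >> endobj\n"
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, sample in [("prompt", SAMPLE_PROMPT), ("link", SAMPLE_LINK),
                          ("plain", SAMPLE_PLAIN)]:
        print(label, verdict(sample), triage_pdf(sample))
```

This only sees names in uncompressed parts of the file; objects packed into compressed streams need to be inflated first, so a "pass" here is not proof that a PDF is inert.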