From: "US Bank-E-payment-Online"<online.communication@account.com>
Date: 19 Dec 2016 18:34:45 -0500
Subject: E-payment Transfer Notification From Another US Bank Customer
Attachments
- US Bank Payment.pdf
Technical Analysis
This one was being sneaky! Nothing dodgy within the Email. The PDF scans clean for viruses, but open the PDF, and there is a tempting link to click on. You can see it in the image above – note that our image is not clickable. With an Email, you are able to hover over a link and see where it is going. The PDF is not like that by default.
In this case, I was able to interrogate the link, and it shoots off to a website for a bakery. It is unusual to find a bakery hosting web pages on behalf of a bank, so my suspicions were aroused! The reality is that the bakery would have been hacked, and a rogue webpage created to either collect data or plant trojans.
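One way to interrogate a PDF's links without opening it in a viewer, as an added example (not the tooling used for this analysis): the script pulls /URI link targets out of the PDF's bytes, including Flate-compressed streams, and flags hosts outside the expected brand domain. The domains bank.example and bakery.example, the sample bytes and the function names are constructed for illustration; encrypted PDFs, other stream filters and unescaped nested parentheses in a link are not covered.

```python
import re
import zlib
from urllib.parse import urlsplit

# /URI followed by a PDF literal string (...) or a hex string <...>.
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def _chunks(data):
    """Yield the raw bytes, then each stream body that inflates as Flate (others are skipped)."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))  # tolerates the trailing EOL
        except zlib.error:
            continue

def extract_link_targets(data):
    """Return the URI action targets found in a PDF's bytes, without rendering it."""
    found = {}
    for chunk in _chunks(data):
        for m in URI_RE.finditer(chunk):
            if m.group(2) is not None:  # hex string; an odd final digit is padded with 0
                h = re.sub(rb"\s", b"", m.group(2)).decode()
                raw = bytes.fromhex(h + "0" * (len(h) % 2))
            else:  # literal string: undo \( \) \\ (octal escapes are not decoded)
                raw = re.sub(rb"\\(.)", rb"\1", m.group(1), flags=re.S)
            found[raw.decode("latin-1")] = None  # dict keeps order, drops repeats
    return list(found)

def off_brand_links(data, expected_domains):
    """Return (url, host) for links whose host is not an expected domain or its subdomain."""
    flagged = []
    for url in extract_link_targets(data):
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in expected_domains):
            flagged.append((url, host))
    return flagged

# Constructed sample: one link annotation in the clear, one inside a Flate stream.
HIDDEN = zlib.compress(b"<< /S /URI /URI <" + b"https://bank.example/".hex().encode() + b"> >>")
SAMPLE = (
    b"%PDF-1.5\n1 0 obj\n<< /Subtype /Link /A << /S /URI "
    b"/URI (http://bakery.example/secure/login.php) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + HIDDEN + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    print(off_brand_links(SAMPLE, {"bank.example"}))
```

The suffix check compares whole host labels, so a lookalike such as bank.example.evil.example is still flagged.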