mailboxes phishing email attempt vetmeds pdf fraud

Phishing Attempt: Email & PDF Scam

Phishing attempts can come in all forms, shapes, and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links. Vetmed has recently become the latest victim of a phishing attempt, tricking their customers into giving out their login information.

The best way to defend against phishing attempts is to implement a Full Stack Email Security Service and require Phishing User Training for all employees.

VetMed Phishing Attempt

An interesting phishing attempt was recently sent from a school domain that appeared to be VetMeds. The subject line of the email was titled “Assessment document” which featured an attached “encrypted” PDF document that required an email address and password to log in.

phishing attempt Fake PDF Example
The attached PDF document was produced with Microsoft Word and included a link that indicated it was encrypted and that the recipient needed to click the link in order to decrypt the PDF. Once the PDF was decrypted the link pointed to chai[.]myjino[.]ru which opened a screen with a fake PDF behind it and a login box.

Updated versions of Acrobat will always ask the recipient before proceeding to a rogue website.

phishing attempt Fake PDF Two, email and password request
The interesting thing about this particular phishing email is that a VetMeds assessment was the bait, however the masked document at the Russian website is for a SWIFT transaction, there appears to be a mix up with messages.

phishing attempt PDF Warning for offsite links

Things to be Wary of

Be highly suspicious of emails from domains that do not correspond with its contents. A PDF encrypted email does not work this way, the recipient is never asked for their email address and password (see video below).

Lastly, always be wary of emails that request personal information such as passwords or bank information, no legitimate body will ever ask for this kind of information over an email.

Video 1

Comments are closed.