Phishing arrives at many inboxes in the guise of an attached file. Very often it’s a .pdf containing nothing but the malicious link. If you click on it, you’ll be redirected to a phishing webpage that will try to trick you into giving up your credentials.
Nowadays many people are aware that a .pdf can have malicious content inside. But what about other files, for example, voice records in .eml format? Can they be dangerous?
Imagine getting a message like “New voicemail received” with an attached file. Curiosity wins out and you click on the file. Then a Microsoft login page loads and prompts you to enter your credentials. Many people find this logical, since Microsoft cares about their security.
Bad news for them: their login credentials fall right into the cybercriminals’ hands. Sometimes it could be an HTML file disguised as a web form from your bank that you must fill in immediately. In reality, it contains a script that opens a phishing page with a web form in your browser. In all successful attacks the impact is the same: threat actors obtain your login credentials.
Real-life example:
According to HP Wolf Security, a fake invoice that was actually a Word document embedded inside of a PDF was making the rounds in early summer 2022.
According to the analysis of the attack, victims receive an email with the attachment “REMMITANCE INVOICE [dot] pdf.” Upon opening the file, they are asked to open an embedded Word document.
After clearing that hurdle, they are prompted with details making it seem like the file is safe. The name of the Word document – “has been verified. However PDF, Jpeg, xlsx, .docx” – is designed to add another false level of assurance that the file is safe. After a series of steps, the attack eventually installs Snake Keylogger malware.
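For defenders, the two attachment patterns described above (an HTML file that scripts a login form, and a PDF carrying an embedded document) can be triaged before a user ever opens them. The following is an added example, not code from the original article or from HP Wolf Security; the marker lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristic markers (assumed for this example, not a complete rule set).
HTML_MARKERS = {
    "script": re.compile(rb"<script\b", re.I),
    "password-field": re.compile(rb"type\s*=\s*[\"']?password", re.I),
    "auto-redirect": re.compile(
        rb"location\.(href|replace)|http-equiv\s*=\s*[\"']?refresh", re.I),
}
PDF_MARKERS = {
    "embedded-file": re.compile(rb"/EmbeddedFile\b"),
    "link": re.compile(rb"/URI\b"),
    "auto-action": re.compile(rb"/OpenAction\b|/Launch\b"),
}

def triage_attachments(raw: bytes) -> dict:
    """Return {filename: [flags]} for each attachment of a raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        flags = []
        if data.startswith(b"%PDF-"):  # trust the magic bytes, not the extension
            flags = [f for f, rx in PDF_MARKERS.items() if rx.search(data)]
        elif (name.lower().endswith((".htm", ".html"))
              or part.get_content_type() == "text/html"):
            flags = [f for f, rx in HTML_MARKERS.items() if rx.search(data)]
        report[name] = flags
    return report

def build_sample() -> bytes:
    """Constructed sample message; the attachments are inert stand-ins."""
    msg = EmailMessage()
    msg["Subject"] = "New voicemail received"
    msg["From"], msg["To"] = "voicemail@example.test", "user@example.test"
    msg.set_content("You have a new voicemail.")
    html = ("<html><script>location.href='https://example.test/'</script>"
            "<form><input type='password'></form></html>")
    msg.add_attachment(html, subtype="html", filename="voicemail.html")
    for fname, body in (
        ("invoice.pdf", b"%PDF-1.7\n1 0 obj << /Type /EmbeddedFile >> endobj\n"
                        b"2 0 obj << /OpenAction 1 0 R >> endobj\n"),
        ("clean.pdf", b"%PDF-1.7\n1 0 obj << /Type /Page >> endobj\n"),
    ):
        msg.add_attachment(body, maintype="application", subtype="pdf", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, flags in triage_attachments(build_sample()).items():
        print(f"{name}: {', '.join(flags) or 'no markers'}")
```

Real PDFs often store objects in compressed streams, so a raw byte search like this can miss markers; treat a hit as a reason to quarantine and inspect, not a clean result as proof of safety.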