PDF attachment in an email
SolvedXtelle Posted messages 11 Status Member -
Hello,
Yesterday by mistake I opened an email from an unknown sender and previewed an attachment in PDF format. I was checking my Hotmail inbox to ensure that I had indeed received the complaint I had just filed at the police station shortly before.
I know very well that it is strongly advised never to open dubious emails from unknown sources, and usually, I report them directly as phishing attempts.
The email is from CPT FREDERIC PILLON (***@***)
with the subject Case of [01/03/2023] Article:390-1 No.A308459 ✅
and the attachment AVIS.TP965241.PDF
What could be the risk of having previewed the attachment? How can I notice or detect any infection or malicious intrusion on my PC?
Looking online I saw that it's possible to scan with VirusTotal, but I don't see how to do it because the document has to be saved on the PC? Regarding email attachments, I can preview them, save to OneDrive (I don't know how that works or what OneDrive is) or download them.
My PC is an HP Elitebook X360 830 running Windows Pro.
Thank you for your time and assistance.
Chris
2 answers
-
Hello,
The risk associated with emails is either opening them in HTML format instead of plain text (the HTML file could run scripts), phishing, or self-inflicted virus infection (by clicking on a malicious link), or the attachment.
A PDF file is not primarily a source of infection; it can contain active content (notably Javascript), but which needs the PDF reader to allow scripts to execute: this possibility is impossible in the most basic PDF readers (for example, Sumatra), and should be condemned in those claiming to be advanced like Acrobat Reader.
The risk remains theoretical because it is not the most commonly used format by malicious actors; it is in any case null if the attachment has only been viewed on a webmail service where, by definition, nothing is stored on the disk, and where one would have, even if that were not the case, noticed the execution of such a script (downloads, pop-up windows, slowdowns), and where in any case, it should have been intercepted by antivirus and/or defense software.-
Thank you Brucine for your comprehensive response.
Not knowing much about this area, I admit I was a bit scared, and the information online is sometimes vague or complex.
I wish you a lovely day,
Chris
I forgot a fundamental point, be wary of double extensions: toto.pdf is rarely a virus but toto.pdf.vbs always is.
Require Windows to always show file extensions:
https://www.pcastuces.com/pratique/astuces/4584.htmAbout the sender and assuming that an investigative judge writes in his name and not in that of the institution and that he sends emails (the practice is not common and goes against procedure) the impersonators are not very clever (the official email address domain should always be of the type interieur.gouv.fr and not some "fancy" domain) and I assume that police and gendarmerie captains know that the abbreviation for their rank is CNE, not CPT.
-
-
Hello,
The essential rule is to avoid opening emails from dubious sources. This is what you seem to have done. Your Hotmail inbox should be configured to reject spam, suspicious sends,... etc. with attachments to avoid unpleasant surprises.