PDF attachment in an email

Solved
Xtelle Posted messages 11 Status Member -  
Xtelle Posted messages 11 Status Member -

Hello,

Yesterday by mistake I opened an email from an unknown sender and previewed an attachment in PDF format. I was checking my Hotmail inbox to ensure that I had indeed received the complaint I had just filed at the police station shortly before.

I know very well that it is strongly advised never to open dubious emails from unknown sources, and usually, I report them directly as phishing attempts.

The email is from CPT FREDERIC PILLON (***@***)

with the subject Case of [01/03/2023] Article:390-1 No.A308459 ✅

and the attachment AVIS.TP965241.PDF

What could be the risk of having previewed the attachment? How can I notice or detect any infection or malicious intrusion on my PC?

Looking online I saw that it's possible to scan with VirusTotal, but I don't see how to do it because the document has to be saved on the PC? Regarding email attachments, I can preview them, save to OneDrive (I don't know how that works or what OneDrive is) or download them.

My PC is an HP Elitebook X360 830 running Windows Pro.

Thank you for your time and assistance.

Chris

2 answers

  1. brucine Posted messages 24840 Registration date   Status Member Last intervention   4 169
     

    Hello,

    The risk associated with emails is either opening them in HTML format instead of plain text (the HTML file could run scripts), phishing, or self-inflicted virus infection (by clicking on a malicious link), or the attachment.

    A PDF file is not primarily a source of infection; it can contain active content (notably Javascript), but which needs the PDF reader to allow scripts to execute: this possibility is impossible in the most basic PDF readers (for example, Sumatra), and should be condemned in those claiming to be advanced like Acrobat Reader.

    The risk remains theoretical because it is not the most commonly used format by malicious actors; it is in any case null if the attachment has only been viewed on a webmail service where, by definition, nothing is stored on the disk, and where one would have, even if that were not the case, noticed the execution of such a script (downloads, pop-up windows, slowdowns), and where in any case, it should have been intercepted by antivirus and/or defense software.

    4
    1. Xtelle Posted messages 11 Status Member
       

      Thank you Brucine for your comprehensive response.

      Not knowing much about this area, I admit I was a bit scared, and the information online is sometimes vague or complex.

      I wish you a lovely day,

      Chris

      0
      1. brucine Posted messages 24840 Registration date   Status Member Last intervention   4 169 > Xtelle Posted messages 11 Status Member
         

        I forgot a fundamental point, be wary of double extensions: toto.pdf is rarely a virus but toto.pdf.vbs always is.

        Require Windows to always show file extensions:

        https://www.pcastuces.com/pratique/astuces/4584.htm

        1
      2. brucine Posted messages 24840 Registration date   Status Member Last intervention   4 169 > brucine Posted messages 24840 Registration date   Status Member Last intervention  
         

        About the sender and assuming that an investigative judge writes in his name and not in that of the institution and that he sends emails (the practice is not common and goes against procedure) the impersonators are not very clever (the official email address domain should always be of the type interieur.gouv.fr and not some "fancy" domain) and I assume that police and gendarmerie captains know that the abbreviation for their rank is CNE, not CPT.

        3
      3. Xtelle Posted messages 11 Status Member > brucine Posted messages 24840 Registration date   Status Member Last intervention  
         

        Thank you Brucine for this additional information.

        Chris

        0
  2. Panth33ra Posted messages 23135 Registration date   Status Member Last intervention   Ambassadeur 2 364
     

    Hello,

    The essential rule is to avoid opening emails from dubious sources. This is what you seem to have done. Your Hotmail inbox should be configured to reject spam, suspicious sends,... etc. with attachments to avoid unpleasant surprises.


    1
    1. Xtelle Posted messages 11 Status Member
       

      Thank you Panth33ra for your response, I am usually very careful with the emails I receive, a small mistake on my part, I will check my Hotmail inbox to adjust the settings, as now I more often receive suspicious emails in my priority inbox.

      Have a good day

      Chris

      0