Contributor: Joseph Graziano
PDF invoices sent over email have become increasingly common in today’s business world. However, that doesn’t mean that there are no complications with the file format. Addressing these invoices without requiring verification from the recipient can lead to a compromised computer with the user’s confidential data in jeopardy.
Over the past week, Symantec has observed a spam campaign involving suspicious emails that masquerade as unpaid invoices. However, these suspicious emails come with a nasty surprise attached in the form of a malicious .pdf file.
Figure 1. Malicious .pdf file attached to suspicious email
While these invoices may appear to be legitimate because the sender’s email address may be associated with a major company, the emails contain spelling errors in the subject line and the body of the email...