The phishing email is simple and with a pdf file attached.
The pdf file shows password protect, and you have to click to link and enter the password.
The embedded link on the pdf file is a shorten URL redirecting to a free web hosting service. Once the free web hosting stop the phishing website, the hacker can easily change the mapping of the shorten URL to new phishing website.
Finally, you can get the “Purchase Order” pdf file, however it is an sample purchase order pdf of a invoicing software company.
No malicious code, no malware used in this phishing campaign. Beware of phishing email, phishing website, especially shorten URL. For any of unclear email and website verify before open it or type in any credential.