The phishing email is simple and with a pdf file attached.

phishing email

The pdf file shows password protect, and you have to click to link and enter the password.


The embedded link on the pdf file is a shorten URL redirecting to a free web hosting service. Once the free web hosting stop the phishing website, the hacker can easily change the mapping of the shorten URL to new phishing website.

phishing site

Finally, you can get the “Purchase Order” pdf file, however it is an sample purchase order pdf of a invoicing software company.

final pdf


No malicious code, no malware used in this phishing campaign. Beware of phishing email, phishing website, especially shorten URL. For any of unclear email and website verify before open it or type in any credential.