The attacker crafted a very well-structured mail that will fool most people in SA.
See the mail from the attacker below: a well-structured mail.
As you can see, the mail comes from firstname.lastname@example.org
T-Online is one of the biggest internet service providers in Germany. Why would ABSA send mails from this account?
2nd, the source IP the mail was sent from is in Hong Kong Central.
3rd, the attachment analysis shows that it is a PDF and not an HTML file.
The PDF analysis shows that the PDF has a stream which is calling 3 programs within the document. It contains 3 stream objects.
Be careful, everyone: this document cleared 58 antivirus scans. Attackers are getting more and more resourceful in hiding malicious content in order to evade antivirus programs.
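The three checks described above (sender domain, originating IP, real attachment type plus stream-object count) can be run over a saved message; the following is an added Python example, not part of the original post. The expected domain `absa.co.za`, the sample message, the `203.0.113.45` address and the function names are constructed assumptions, as is the reading that the attachment was presented as HTML.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXPECTED_DOMAIN = "absa.co.za"  # assumption: domain genuine bank mail is expected from

def build_sample() -> bytes:
    """Constructed, harmless sample: PDF bytes attached under an .html name."""
    objs = b"".join(b"%d 0 obj\n<< /Length 1 >>\nstream\nx\nendstream\nendobj\n" % i
                    for i in (1, 2, 3))
    msg = EmailMessage()
    msg["Received"] = ("from mail.example.org ([203.0.113.45]) by mx.example.net; "
                       "Mon, 1 Jan 2024 00:00:00 +0000")
    msg["From"] = "ABSA <firstname.lastname@example.org>"
    msg["To"] = "customer@example.net"
    msg["Subject"] = "Your statement"
    msg.set_content("Please open the attached statement.")
    msg.add_attachment(b"%PDF-1.4\n" + objs + b"%%EOF\n", maintype="text",
                       subtype="html", filename="statement.html")
    return msg.as_bytes()

def triage(raw: bytes, expected_domain: str = EXPECTED_DOMAIN) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    # Check 1: does the From domain belong to the organisation named in the mail?
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    trusted = domain == expected_domain or domain.endswith("." + expected_domain)
    # Check 2: IP in the bottom-most Received header (nearest the origin). Hops
    # below your own mail server's header can be forged, so treat it as a lead.
    hops = msg.get_all("Received", [])
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[-1])) if hops else []
    findings = {"sender_domain": domain, "domain_mismatch": not trusted,
                "origin_ip": ips[0] if ips else None, "attachments": []}
    # Check 3: trust the magic bytes, not the filename or declared MIME type.
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        is_pdf = data.lstrip().startswith(b"%PDF-")
        findings["attachments"].append({
            "filename": part.get_filename(),
            "declared_type": part.get_content_type(),
            "is_pdf": is_pdf,
            "type_mismatch": is_pdf and part.get_content_type() != "application/pdf",
            # Every PDF stream object is closed by the keyword "endstream".
            "stream_objects": len(re.findall(rb"\bendstream\b", data)) if is_pdf else 0,
        })
    return findings

if __name__ == "__main__":
    print(triage(build_sample()))
```

The script makes no network lookups; feed `origin_ip` to a geolocation source of your choice to place the sending host.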