Verizon Wireless’ Odd Use of Secure PDFs for eBilling Customers
I recently took a look at a suspected malicious email supposedly sent from Verizon Wireless. Despite looking possibly malicious at first glance, it turns out that the email was legitimate. Verizon Wireless is now offering a Secure eBill service that allows customers to elect to receive their bill in a secured PDF file. The Verizon “Secure eBill” service is described here: http://www.verizonwireless.com/b2c/splash/secure_ebill.jsp.
If your organization is similarly considering using secure PDFs for any customer contacts, I would suggest not going down that path. Some people might think this looks like a phishing attempt and simply delete your emails.
Below are some screenshots of what this all looks like. PDF file attachments in and of themselves aren’t malicious, but if the customer isn’t expecting this email, they might consider it suspect.
The first screenshot below is the body of the email itself. The PDF file is a normal file attachment with a filename like May-16-QuickBillSummary.pdf. The second screenshot shows the error message you get if you open the PDF on a machine with no internet connectivity. The third screenshot shows the login screen you get from the PDF application asking you for Verizon Wireless login credentials. I don’t think many users or customers are used to getting prompted for access credentials like this, and they might give up at this point, thinking this is garden-variety phishing.
Analysis of the PDF samples available so far hasn’t turned up anything malicious, nor has analysis of pcaps of network activity generated by the application.