4th
When Inline Attachments Get Scary
I just got an interesting 419 letter purporting to be from the Lagos office of the FBI. Unlike most such, it came as a PDF (screenshot above).
It’s obviously not credible on several levels, but what gave me pause was this: Apple mail automatically rendered the attached PDF.
We have been hearing about PDF attacks for years, where a maliciously crafted PDF can lead to arbitrary code execution when opened. Most of these have been in Adobe’s abominable Reader, but there have been necessary patches to Apple’s PDF code, too. Some day, an enlightened 419 scammer will realize that a maliciously crafted advance letter may be all they need to get your bank account details the easy way, via keylogger. It won’t matter that the email looks bogus; Core Graphics has already opened the PDF.
There needs to be a setting in Mail Preferences to prevent this, just like the setting to prevent downloading of remote images. Until there is, or they disable this sketchy practice by default, you can use the following Terminal command.
How to turn off inline attachments in Mail.app
defaults write com.apple.mail DisableInlineAttachmentViewing -bool yes
