It's 2023 and companies are still sending sensitive information via their, and I quote: "secure email systems".

This "secure email" includes a 13-page PDF on how to read it. Ultimately it's in a portal for which I have to register. The link is on page 4 of the PDF.

None of this looks like a phishing email, no siree. (Yes, it does).

There's a second email without the PDF and with a direct link to the portal. Why bother sending both?

🧵 1/3


Anyway, let's register in their portal... ok, they just want me to create a password, nothing else. Then they send me yet another email (that's number 3) with another PDF attachment. This one is encrypted with the password I created earlier.

Ah, but the ultimate message is (as I understand it) in an attachment within the PDF. An attachment within the attachment. A meta-attachment? In order to read it, they tell me I must install Adobe Reader.

🧵 2/3

Fortunately macOS Preview is good enough to find the meta-attachment and I can read it. (Initially I couldn't see it because I was using the PDF preview in Gmail.)

Yay security.

By the way, Symantec is mentioned and their logo shown in a couple of places, leading me to believe that they received a lot of money for implementing this... "solution".

🧵 Fin.
