Hello, welcome to the Wednesday, June 30th, 2000, 21 edition of the Santernut Storms,

on a stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

Our Handlery Jing came across an interesting email that claimed to come from Google and

tried to entice victims to send them their personal information.

So it was sort of a fishing attempt, but a little bit different sense that, first of all,

there was no link involved here.

Instead, there was just a PDF, which, well, I guess, sort of looked legitimate like it came from Google.

Lots of random codes and such and colorful background logo in order to exfiltrate the information.

What the attacker did here is basically just list all the information they need in order to release this

payment to you and then email it to a particular email address. They went as far as to

register a domain, G-O-O-Corpret or corporate really.com. So something that looks a little bit like it could be used

by Google for corporate purposes like this. The domain was registered last September, so not

terribly new and interesting kind of to see whether or not anybody would fall for a trick like this.

But this is the type of trick that's not really all that easy to prevent by just filtering or scanning email,

because there wasn't really sort of anything terribly wrong with this particular PDF.

And Brad posted the solution for this month's forensics contest.

So if you were working on this or if you submitted a solution, well, you can now check if you

got it right.

I think we only got like five totally completely correct

solutions in total is what Brad told me I know we got a ton of submissions say

even though this one was significantly more difficult than some of the

prior quizzes that Brad posted.

...