Reader Carlos submitted an email with an attachment. It's a phishing email, the attachment is an HTML file, although the criminals try to make the recipient believe that it is a PDF file.

In this video, I show how you can use my tool oledump.py to extract the attachment from the email (.msg file) for further analysis, without requiring Outlook (or Windows). I give a couple of simple tips to find the phishing URL(s) quickly.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com