
Because the URL within the PDF file tries to harvest credentials, it can be considered intelligence gathering rather than dropping malicious content. This is a phishing strategy used by possible attackers.

Unfortunately, we cannot sandbox a URL that displays a login page for entering credentials. This is not a sandboxing defense. The DDAN AI cannot enter an email address and password into a login page. Smart Protection Network won't be able to detect this URL. It is not possible to source every potential phishing URL.

Web Reputation is not a filter. It is a database in the cloud that is queried by lookup and returns scores for URLs. Thus, an undetected phishing link within a PDF file attached to an email is normal.

For such a phishing link, file a threat case with Trend Micro Technical Support. The URL should be uploaded and classified as phishing. The Threat Team can further check the URL and, if a file is downloaded, a pattern-based detection will be created for Trend Micro products.
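To collect the link for such a threat case without opening the attachment in a viewer, the URI actions can be read directly from the PDF bytes. The following is an added example, not Trend Micro code; the sample PDF fragment and its `example.test` hostnames are constructed, and only literal-string `/URI` values in plain or Flate-compressed streams are handled.

```python
import re
import zlib

# A PDF link action looks like: /S /URI /URI (https://host/path)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Stream bodies; the trailing end-of-line is left in and ignored on inflate.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _unescape(raw: bytes) -> str:
    """Undo PDF literal-string escapes for '(', ')' and backslash."""
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")


def extract_uris(pdf_bytes: bytes) -> list:
    """Return unique /URI targets in order of appearance."""
    bodies = [pdf_bytes]
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates bytes after the end of the zlib stream
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-compressed, or another filter is in use
    found = []
    for body in bodies:
        for m in URI_RE.finditer(body):
            uri = _unescape(m.group(1))
            if uri not in found:
                found.append(uri)
    return found


# Constructed sample: one link in a plain object, one inside a compressed stream.
SAMPLE_PDF = (
    b"%PDF-1.5\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://portal.example.test/signin) >> >>\nendobj\n"
    b"6 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /URI /URI (http://files.example.test/doc\\(1\\).html) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for uri in extract_uris(SAMPLE_PDF):
        print(uri)
```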

 
Since DDAN 6.5 was released in March 2019, we now use (as part of WRS) an additional feature that uses Dynamic real-time URL Scanning in a cloud-based web sandbox to detect zero-day phishing attacks.

For more information, refer to the Deep Discovery Analyzer 6.5 Online Help page.