Views:

Since the URL within the PDF file is trying to harvest credentials, it can be considered as intelligence gathering rather than dropping a malicious content. This is a phishing strategy used by possible attackers.

Unfortunately, we cannot sandbox a URL that displays a login page to enter credentials. This is a not a sandboxing defense. The Deep Discovery AnalyzerAI cannot enter an email address and password to input into a login page. Smart Protection Network won't be able to detect this URL. It is not possible to source every potential phishing URL.

The Web Reputation is not a filter. It is a database in the cloud which is queried by lookup and scores given for URLs. Thus, the undetected phishing link within an attached PDF file in an email is a normal.

For such phishing link, file a threat case to TrendAI™ Technical Support. The URL should be uploaded and classified as phishing. The Threat Team can further check the URL and if a file is downloaded, a pattern-based detection will be created for TrendAI™ products.

 
Since the Deep Discovery Analyzer 6.5 was released in March 2019 we are now using (as part of WRS) an addtional feature which uses Dynamic real-time URL Scanning in a cloud based web sandbox to detect zero-day phishing attacks
 

For more information, refer to the Deep Discovery Analyzer 6.5 Online Help page.

Keywords: phishing link not detected DDAN,phishing link in PDF not detected DDAN,phishing link in PDF not detected ,PDF phishing link