Can opening a .pdf file do any harm?
 

I am expecting a payment into my SA bank account and have received this email which has a .pdf attached.

I am reasonably sure it's genuine, unfortunately I can't contact the person who should have made the transfer to check that she banks with Capitec, and was wondering, if it's just a coincidence and if it were a phishing email, could opening the attachment do any harm?

Much of my really important e-mails between banks require PDF format.

I would trust it as long as you have anti-virus running and as always resonably check any link addresses they refer you to type into your browser

My banks require me to log on to a secure area to ready messages and share information...

Thanks, I opened it and it was, as I thought, genuine.

Adobe PDF files are becoming an increasingly common route of infection. As windows becomes more and more hardened, other routes are being found to hijack machines, and PDF attachments are now one of the commonest routes to do this.
Two problems - there are a lot of unpatched security holes in the Adobe PDF reader, and also by default the reader can execute javascript without any warnings or blocks
What can you do?
First make sure that the Adobe Reader is up to date
Next, disable Javascript in the reader - in the reader go "edit > preferences > javascript > UNTICK "enable Acrobat Javascript""
Shouldn't cause any problems unless you like filling in online Acrobat forms.

I've read suggestions that the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader - or even the Amazon Kindle software, but I'd like to see more data before being sure of that

Milo,

(a) "Adobe PDFs" is not correct terminology. The PDF standard was standardised back in 2008 by Adobe under ISO ISO 32000-1.

(b) "the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader"

Utter tosh. :ugh:

PDF problems are not necessarily related to a specific reader.

See this article.... and specifically I draw your attention to the Foxit vulnerability mentioned.

The BEST answer is to keep your guard up, and remain weary of attachments that you are not expecting, even from what you might perceive to be a trustworthy originator. As are the usual old adages making sure you do your day-to-day computing logged in as an unprivileged user, running up to date AV etc. etc.

interesting, not seen it spelt out like that before

I liked this comment
"our guidance would be to use a PDF reader that's as unpopular as possible"