A Phishing Trampoline – embedding redirects in PDF documents
August 21, 2015

Today I ran into a typical fraud email claiming to come from a U.S. bank but with a twist! Analyzing the attachment, it turns out that there’s no malware inside but instead a new middle step to fool lesser security software.

The original file name is “Swift confirmation .pdf” and it was created using Microsoft Word 2010.
/Author(Unknown)/CreationDate(D:20150814180000-04'00')/Creator(Microsoft® Word 2010
So, if it is not malware then what’s the catch?
Well, this is a ‘Mediabox’-clickable document file used to redirect victims to a phishing website.

If the victim clicks on ‘View pdf File’ then it first opens a redirector website and then finally makes the jump to a server located in Chile that actually hosts the phishing attempt.

This is an interesting technique that would fool some Anti-Phishing filters that only analyze the URLs embedded in the email messages themselves.
Source: Kaspersky
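
A filter can close this gap by pulling link targets out of PDF attachments and running them through the same URL checks it applies to the message body. The following Python is an added example, not code from the original article or from Kaspersky; the function names, the sample PDF fragment and the `.example` URLs are constructed for illustration.

```python
import re
import zlib

# Target of a URI action: "/URI (http://...)" literal or "/URI <68747470...>" hex string.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def inflated_streams(pdf: bytes):
    """Yield Flate-decoded stream bodies; annotations can sit in compressed object streams."""
    for m in STREAM.finditer(pdf):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not zlib data (image, font, other filter)


def extract_link_targets(pdf: bytes) -> list[str]:
    """Return the distinct URI action targets in a PDF, in order of discovery."""
    found = []
    for chunk in [pdf, *inflated_streams(pdf)]:
        for m in URI_LITERAL.finditer(chunk):
            found.append(re.sub(rb"\\([\\()])", rb"\1", m.group(1)))  # undo \( \) \\
        for m in URI_HEX.finditer(chunk):
            digits = re.sub(rb"\s", b"", m.group(1)).decode()
            found.append(bytes.fromhex(digits + "0" * (len(digits) % 2)))
    return list(dict.fromkeys(u.decode("latin-1") for u in found))


def urls_only_in_attachment(body: str, pdf: bytes) -> list[str]:
    """Links a body-only URL filter never sees: in the PDF, absent from the email text."""
    return [u for u in extract_link_targets(pdf) if u not in body]


# Constructed sample: one plain link annotation and one inside a Flate stream.
HIDDEN = b"<< /Subtype /Link /A << /S /URI /URI <687474703a2f2f622e6578616d706c652f78> >> >>"
SAMPLE_PDF = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 612 792]\n"
    b"   /A << /S /URI /URI (http://redirector.example/go?id=\\(1\\)) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + zlib.compress(HIDDEN) + b"\nendstream\nendobj\n"
)
SAMPLE_BODY = "Please find the attached Swift confirmation."

if __name__ == "__main__":
    for url in urls_only_in_attachment(SAMPLE_BODY, SAMPLE_PDF):
        print("check against URL reputation:", url)
```

This covers unencrypted files with plain or Flate-compressed objects; encrypted PDFs and other stream filters need a full PDF parser.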