by jawmes8 949 days ago
I’d be hard pressed to open a cold emailed PDF. Out of curiosity does anyone have a good way to inspect them prior to downloading?
4 comments

Sending a PDF is similar to "asking to ask".

A giant infographic image of screenshots can convey the same information with less friction.

Would opening them in the browser be "more" secure than opening them in a regular PDF viewer program?
I'd think opening a PDF in your browser would be at the same risk-level you associate with going to any random URL. On Firefox at least, I'm pretty sure the built-in PDF viewer is simply JS parsing and rendering the PDF anyway -- nothing with elevated permissions:

https://mozilla.github.io/pdf.js/

> I'd think opening a PDF in your browser would be at the same risk-level you associate with going to any random URL.

Probably pdf.js is more secure, as it is more modern than the HTML/js engine, it contains less legacy code, it is written in a higher level language, and they could implement a safer subset of the pdf standard, than they could do with the HTML/js standards.

I have been cold emailing resumes in PDF format all the time. Do recruiters not even open it?
They do, opening untrusted PDFs from unknown senders is part of their job. It’s also one of the many reasons why cybersecurity is so hard!
If you're sending to recruiters, they do. That's an expected part of their job.

If you're sending to people who currently aren't hiring, or are never part of the hiring process, and didn't ask for your resume -- I hope they don't open it, but they probably will.

I have a Power Automate workflow set up that downloads all email attachments I receive to OneDrive. The OneDrive folder later gets cleared every month to keep it clean.