Safe way to open a .pdf?

I've got an email, I'm only 95% sure it'll be a scam, there's a pdf attached. Is there a safe way to open open it that doesn't involve spinning up a VM and nuking it when I'm done?

No, I only have the email and what looks like an attached pdf.

Don't I have to download it first? Don't really want to do that, it's sat in an email that Gmail hasn't identified as dodgy.

I stick them in Google Drive so it previews in my web browser.

No further updates from the OP... I guess he opened the pdf...

On a more serious point, why bother opening it at all? You are 95% sure it's a scam, so what's behind the 5% uncertainty? Do you have another way to contact the sender and see if they can verify it?

Sorry, I did manage to preview it and survived to tell the tale.

The email is from a Solicitor, whose details all check out, but the email is vague and what's in the PDF could have been simply put in an email. But it's fairly normal for Solicitors to have terrible IT systems that auto-email out PDF copies of Word documents with boiler-plate email content, so some amber-red flags, but also possibly a false-positive.

I've never had any reason to be contacted by these Solicitors and the person named in the email subject doesn't pop up on Google.

The PDF is asking me to write them a few paragraphs about when and how I transferred some money to this person to corroborate their statements so they can draw up a witness statement for me in their defence. It looks like this person is getting done under the Proceeds of Crime Act and is claiming that someone with my name sent them the money as a donation that might be in relation to some sort of church or culty type thing.

If it was a dodgy PDF there would be no need for it to contain such an elaborate back-story I don't think. And I don't think the content is a scam as there's nothing in it for me in replying and if I thought there was I would have to perjure myself to get my hands on some of these proceeds of crime.

Maybe I'm supposed to reply and confirm I'm a bit thick then there'll be more play out where I get offered millions but they just need to know my account details to transfer the money back to me. But on the other hand it seems a little early in the play to be reliant on me just randomly lying in a Witness Statement.

Are the From and Reply email address correct - the email addreses behind the visible names? Not easy to see on a mobile device - if it is a phishing email then usually they'll be very slightly different (or sometmes completely different) from the correct domain.

If it is genuine, it seems to odd to make contact by email even if it's meant for someone else. That said, I have a fairly unusual surname, but am listed in the phone book etc and a couple of times I've had phone calls from people who say they're solicitors asking if I know someone with same surname, different first name.