![]() It looks pretty similar to that faked message and you can see why people are caught out. What does a genuine WeTransfer email look like?Īt the time of writing in August 2022, a genuine WeTransfer email looks like this: ‘Invoice’ or ‘Your receipt’ are other common traps. The fraudsters are trying to con you into thinking someone has placed an order using your or your company’s account details. The list of files you’re being invited to click on includes ‘Purchase Order’ and ‘List of items’. Mistakes like this are a warning bell that something isn’t right.ģ. The brand name is WeTransfer, with a capital W and T. It says “You have received some files via wetransfer”. Look again at the full email shown above. That’s clearly not coming from WeTransfer. Although the sender of this email is called ‘WeTransfer’, when I click on that sender’s name it reveals the sender’s email address is actually, as shown below. Most email apps hide the actual address, so you may have to click on the sender’s name to reveal the full email address. The first thing to check is the sender’s address. There are a few telltale signs that a WeTransfer email, such as the one shown above, is a scam.ġ. We’re going to show you how to spot a fake WeTransfer email. However, the service is also a common target for fraudsters, who create fake WeTransfer emails to get people to click on malicious links. And never use the same password for accessing different accounts.ĭid you enjoy reading this article? Like our page on Facebook and follow us on Twitter.WeTransfer is a great way to send large files to people via email. Don’t forget to implement multi-factor authentication ( MFA) on all personal and business accounts. ![]() Pay attention to the language used within the email. How to Stay Safe?īe very mindful of minor inconsistencies in the sender’s name, email address, and domain name. The only thing that makes it appear fishy is that Microsoft is spelled as MicroSoft. The email’s HTML styling is eerily similar to WeTransfer, and the phishing page has been designed to appear as Microsoft Excel’s legitimate login page. ![]() This includes social engineering, as the email title, content, and sender name have been designed to create a sense of “trust and urgency in the victims,” wrote Armorblox’s Mark Royall in a blog post.Īnother technique used in this campaign is brand impersonation. Image via Armorblox Techniques Used in the AttackĪ range of techniques has been used to evade conventional email security filters and lure unsuspecting users. Last year, Infosec analyst Laur Telliskivi reported about the same domain being used in phishing attacks. The email sender domain is a web hosting services provider called ‘valueserverjp.’ This domain is based in Japan. It already contains the victim’s email address to create a sense of legitimacy around the entire process. When the victim clicks on View Files, the link leads them to a phishing page supposedly of Microsoft Excel.įurthermore, it features a blurred-out spreadsheet as the background, and a form is displayed in the foreground that requires the victim to enter login credentials. The email body reveals that WeTransfer has shared two files with the victim, and there’s a link to view them. SEE: ‘Zoom account suspended’ phishing scam steals Office 365 credentials The email body also makes several references to the target organization to appear legitimate. The similarity is enough to come across as a genuine WeTransfer email and can easily deceive unsuspecting users. The phishing email appears to be sent by WeTransfer as it bears the sender name Wetransfer and has the title View Files Sent Via WeTransfer. It is worth noting that WeTransfer is used for sharing files that are too large to be sent via email. The primary aim of this attack is to retrieve the victims’ Office 365 email credentials. The phishing email claims that WeTransfer has shared two files with the victim, and there’s a link to view them.Īccording to a report from Armorblox, cybercriminals are spoofing the WeTransfer file hosting system to carry out credential phishing attacks in which spoofed email leads to a phishing page featuring Microsoft Excel branding.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |