Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns

guest · Jul 24, 2019

Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns
WeTransfer is being used by hackers to circumvent email gateways looking to zap malicious links
July 24, 2019
https://threatpost.com/popular-file...sfer-used-in-malicious-spam-campaigns/146671/

Hackers are abusing the popular file-sharing service called WeTransfer to circumvent defensive email gateways that are designed to block spam messages with malicious URLs. Researchers have observed an uptick in attacks targeting banking, power and media industries using this technique.

“When the user clicks on the ‘Get your files’ button in the message body, the user is redirected to the WeTransfer download page where a HTM or HTML file is hosted and thus downloaded by the unsuspecting victim. When the user opens the .html file, he or she is redirected to the main phishing page,” the researcher said.

The attack continues with victims asked to enter their Office365 credentials to login to retrieve the file.
Cofense said that popular services such as WeTransfer are not viewed often enough as potentially dangerous by email security gateways.
Click to expand...

Cofense: Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways

guest · Jul 29, 2021

Phishing Actors Spoofing ‘WeTransfer’ to Steal ‘Office 365’ Credentials
July 29, 2021
https://www.technadu.com/phishing-actors-spoofing-wetransfer-to-steal-office-365-credentials/292352/

Actors are spoofing ‘WeTransfer’ notifications to lead recipients to an ‘Office 365’ phishing page.

The page carries some subtle signs of fraud, but they’re easy to go unnoticed for careless users.

The campaign is still ongoing, using a known and previously reported IP address for the dissemination of the emails.

Click to expand...

There’s a new credentials phishing campaign going on out there, with the actors using a spoofed ‘WeTransfer’ notification to convince their targets to enter their ‘Office 365’ usernames and passwords on a phishing page. The discovery is the work of researchers at ArmoBlox, who have shared their report with TechNadu prior to its publication. The campaign is still ongoing, so users of ‘Office 365’ are advised to remain vigilant against incoming WeTransfer notices they weren’t expecting.

The attack begins with the reception of an email that claims to be a WeTransfer notice, informing the recipient of two files that were sent to them by a colleague. The email theming is similar to that of a genuine WeTransfer notice so that it would pass as a real one for most people.
Non-experienced users or those drowned in the sense of the fake urgency created by the actors may regularly enter their credentials on the phishing page to see what happens.
Click to expand...

Armorblox: Blox Tales: WeTransfer Credential Phishing

Clicking the ‘View Files’ link in the email leads victims to a phishing page replete with Microsoft Excel branding. The page contains a blurred out spreadsheet in the background and a form to capture login details in the foreground. The victim’s email address is already pre-filled in the form, further helping the attack pass eye tests and inducing quicker action.

This email attack employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting victims.
Click to expand...

Log in or Sign up

Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns

guest Guest

guest Guest

Log in or Sign up

Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns

guest Guest

guest Guest

Useful Searches