![]() ![]() We always send our service-related emails from " ". We've updated the name for our paid service, from 'WeTransfer Plus' to 'WeTransfer Pro'. If the email mentions 'WeTransfer Plus' - disregard it.If the transfer isn't from someone you know or an obvious fake, don't use the download link. Check the address mentioned in the body of the email.You can check this by copying and pasting the link into your address bar without pressing Enter. Does the download button take you to our domain ( )? If not, the files are hosted somewhere else and never safe to download.If you don't recognise the sender, or aren't expecting a transfer, treat it with extreme caution. Are you being asked to enter your email address or password to download the transfer? If you are, double-check with the sender that they've sent you a password protected transfer.Is the layout different from the layout you usually see when you open a WeTransfer mail? If so, don't use the download button or link.If you do receive a suspicious communication from someone purporting to be WeTransfer, but you're not 100% sure, this is a good checklist to follow: we don't provide phone support, so we will never ever call you about WeTransfer.provide your full card number, or other payment details.ask you to download a transfer from a download link.confirm your email address or other account credentials such as passwords. ![]() If you have received an email from WeTransfer that rings alarm bells, please be sure to contact them via the following link: įurthermore, WeTransfer provides the following advice from their website to help prevent victims from giving their credentials to a cybercriminal: The scammers in this case fail to accurately imitate WeTransfer by using ‘We Transfer Plus’ instead of the actual offer of a ‘Pro’ service that WeTransfer provide. Once the user clicks on the phishing link ‘Get your files’ they are then taken to a cleverly designed WeTransfer page using similar colouring and design in order to entice the victim to enter their credentials. Note the addition of a ‘?’ after the ‘5 Files, 550MB in total’ information to indicate the imitation as well as the discrepancy between the sender's email address and name. The email seems to originate from a compromised account, with the subject line advising the recipient that they have received an ‘x’ number of files via WeTransfer (similar, but not the same, to what an actual email sent by a WeTransfer user may contain). The scam attempts to copy the colorful illustrations, branding and design used by WeTransfer in order to feign authenticity to the unknowing victim. MailGuard has intercepted this phishing attempt. So: How did this happen? T his victim has never used WeTransfer, but since WeTransfer has NO AUTHENTICATION CHECK to verify sender email ownership/ legitimacy, it lets fraudsters ‘spoof’ sender origins.īut don’t take my word for it: Give it a try - go to, send yourself a file, enter your own email address as the recipient and make up literally whatever email you want up as the sender.Imitation is certainly not an appreciated form of flattery for popular file sharing service WeTransfer when it comes to malicious activity. The cloud-based online platform is the latest name being used in a phishing scam aimed at securing credentials from its (some) 70 million users, in 190 countries worldwide. WeTransfer, known for its convenience in allowing users to transfer various files to other users on the internet, has been targeted to deliver malicious files to victims. Meanwhile, during the 13+ hours it took WeTransfer ‘support’ to respond to this, the victim received numerous ‘X has downloaded your file’ notification from Wetransfer - essentially watching their reputation get trashed in real time because WeTransfer hadn’t removed the file. The attachment, of course, was viral, meaning I got to handle cleanup duty. It also rubs salt in the wound: as there is no way to remove this upload - even though the victim controls the account that supposedly sent the file in the first place. This “Thanks for Using Wetransfer” email - sent to the purposed original sender -conveniently thanks them for using the service and provides a nice accounting for everybody about to get wrecked. doc file to 15 people, spoofed as being sent from the victim. In short: someone used to upload and distribute a viral. ![]()
0 Comments
Leave a Reply. |