Fake ‘WeTransfer’ file download steals Aussies’ personal details

Reuters
(Source: Getty, Mailguard)

Australians are being warned against a deceptive-looking scam email posing as a WeTransfer file-sharing alert.

Email security software platform MailGuard said it had intercepted phishing scams that purported to be from the popular file-sharing platform.

“Masquerading as a file-sharing alert, the email uses a display name of ‘WeTransfer’. However, the domain used in the sender address provided in the ‘From:’ field doesn’t belong to the company – a red flag pointing to the email’s illegitimacy,” MailGuard stated in a blog post.

“The email actually originates from a rather generic domain registered by Tucows.”

The email tells users they’ve been sent some PDF files and provides a link to download them.

The email is made to look very convincing, containing fake details such as file name and file size, and a level of urgency is added as users are told the files will be deleted within days.

(Source: Mailguard)

Clicking the link will send users to a login page, complete with WeTransfer’s branding elements and logo, that requests the user’s name and password.

(Source: Mailguard)

But the URL is not genuine and is in fact a phishing page registered with GoDaddy and hosted by Amazon AWS, MailGuard said.

“Upon ‘logging in’ and clicking on the link to ‘download file’, users’ credentials are harvested by the cybercriminals behind the scam.”

Victims are then informed that their login attempt was unsuccessful and are advised to “try entering it again”.

(Source: Mailguard)

“We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.”

Large companies like WeTransfer are often the subject of phishing attacks, due to their trustworthy reputation, familiar branding and the ability to capture a large audience, MailGuard said.

The scam email also uses high-quality branding elements stolen from WeTransfer’s actual transfer page, which serves to fool users into believing they are really using WeTransfer’s actual website.

“In addition, using a file-sharing notification to trick users is another trick employed by cybercriminals to avoid detection,” MailGuard said.

“With more employees working remotely since the COVID-19 pandemic, it’s common for professionals to share confidential business documents with one another via email, so notifications like this one aren’t likely to raise too much suspicion.”

How to spot this scam

Companies you deal with should address you by name in their communications – but this scam doesn’t.

There are also some weird spacing and formatting errors throughout the email that reveal the email isn’t official.

On its support page, WeTransfer said it would never ask users “out of the blue” to confirm their email address or password, to download a transfer from a download link, or to provide their full bank or payment details, and that it doesn’t provide phone support.
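The red flag MailGuard describes, a ‘WeTransfer’ display name on a ‘From:’ address whose domain doesn’t belong to the company, can also be checked automatically by a mail filter. The Python sketch below is an added example, not MailGuard’s or WeTransfer’s code; the allow-listed domain, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Assumption: brand -> domains it legitimately sends from. Confirm against
# the vendor's own documentation before relying on this list.
BRAND_DOMAINS = {"wetransfer": {"wetransfer.com"}}


def _norm(text):
    """Casefold and keep only letters/digits, so 'We Transfer' -> 'wetransfer'."""
    return re.sub(r"[^a-z0-9]", "", text.casefold())


def _domain_allowed(domain, allowed):
    """Exact match or true subdomain only; 'wetransfer.com.evil.example' fails."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(raw_message, brands=BRAND_DOMAINS):
    """Return (brand, sender_domain) pairs where the display name claims a
    brand but the From: address sits on a domain that brand does not own."""
    msg = message_from_string(raw_message, policy=default)
    from_hdr = msg["From"]
    if from_hdr is None:
        return []
    findings = []
    for addr in from_hdr.addresses:  # policy=default decodes RFC 2047 names
        name = _norm(addr.display_name)
        for brand, allowed in brands.items():
            if brand in name and not _domain_allowed(addr.domain, allowed):
                findings.append((brand, addr.domain.lower()))
    return findings


# Constructed sample messages (not taken from the real campaign).
SAMPLE_PHISH = ('From: "WeTransfer" <noreply@files-notify.example>\n'
                "Subject: You have received files\n\nbody\n")
SAMPLE_LEGIT = "From: WeTransfer <noreply@wetransfer.com>\n\nbody\n"
SAMPLE_LOOKALIKE = ("From: =?utf-8?q?We_Transfer?= "
                    "<a@wetransfer.com.evil.example>\n\nbody\n")

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_LEGIT, SAMPLE_LOOKALIKE):
        print(check_from(sample))
```

An empty result only means the ‘From:’ domain matches the brand’s list; whether that header is authentic is a separate question answered by the message’s SPF, DKIM and DMARC results.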

If you think you’ve been hit by this scam, contact WeTransfer’s support team.

Scams should be reported to Scamwatch.
