Australians are being warned against a deceptive-looking scam email posing as a WeTransfer file-sharing alert.
Email security software platform MailGuard said it had intercepted phishing scams that purported to be from the popular file-sharing platform.
“Masquerading as a file-sharing alert, the email uses a display name of ‘WeTransfer’. However, the domain used in the sender address provided in the ‘From:’ field doesn’t belong to the company – a red flag pointing to the email’s illegitimacy,” MailGuard stated in a blog post.
“The email actually originates from a rather generic domain registered by Tucows.”
The email tells users they’ve been sent some PDF files and are provided with a link to download the files.
The email is made to look very convincing, containing fake details such as file name and file size, and a level of urgency is added as users are told the files will be deleted within days.
Clicking the link will send users to a login page, complete with WeTransfer’s branding elements and logo, that requests the user’s name and password.
But the URL is not genuine and is in fact a phishing page registered with GoDaddy and hosted by Amazon AWS, MailGuard said.
“Upon ‘logging in’ and clicking on the link to ‘download file’, users’ credentials are harvested by the cybercriminals behind the scam.”
Victims are then informed that their login attempt was unsuccessful and are advised to “try entering it again”.
“We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.”
Large companies like WeTransfer are often the subject of phishing attacks, due to their trustworthy reputation, familiar branding and the ability to capture a large audience, MailGuard said.
The scam email also uses high-quality branding elements stolen from WeTransfer’s actual transfer page, which serves to fool users into believing they are really using WeTransfer’s actual website.
“In addition, using a file-sharing notification to trick users is another trick employed by cybercriminals to avoid detection,” MailGuard said.
“With more employees working remotely since the COVID-10 pandemic, it’s common for professionals to share confidential business documents with one another via email, so notifications like this one aren’t likely to raise too much suspicion.”
How to spot this scam
Companies you deal with should address you by name in its communications – but this scam doesn’t.
There are also some weird spacing and formatting errors throughout the email that reveal the email isn’t official.
On its support page, WeTransfer said it would never ask users “out of the blue” to confirm their email address or password; ask you to download a transfer from a download link; provide their full bank or payment details; and they don’t provide phone support.