Jump to content
Sign in to follow this  

Phishing Campaign Exploits WeTransfer Alerts To Bypass Email Gateways

Recommended Posts

The innovativeness of hackers seems to have no end. Once again, they have worked out a means to evade security mechanisms to execute their phishing campaigns. This time, the attack exploits WeTransfer alerts to bypass email gateways.

WeTransfer Alerts Phishing Campaign

Researchers from Cofense have spotted another phishing campaign going on in the wild. This campaign exploits WeTransfer alerts to evade security measures.

As explained in their blog post, the scammers abuse the WeTransfer file hosting service to bypass email gateways.

The attack begins with emails reaching the victim’s mailbox made up as a WeTransfer notification for file sharing. The attackers seemingly use compromised email accounts for sending these phishing emails since these emails contain legit URLs to the WeTransfer service.

WeTransfer alerts phishing email Source: Cofense

Clicking on these links redirects the victims to WeTransfer file-sharing webpages. These pages contain HTML or HTML files ready for download. Clicking on the files then redirect the user to the actual phishing sites.

phishing.jpg Source: Cofense

Like any other phishing scam, this one too, upon reaching the last phase, requires the users to enter their Office 365 account credentials.

Evasion Of Email Gateways

Because of the presence of trusted WeTransfer links, these phishing emails usually succeed in evading most security checks. According to the researchers,

These links will typically bypass gateways as benign emails, unless settings are modified to restrict access to such file sharing sites… These include ProofPoint, Office365 Safe Links, and Symantec.

Owing to this evasion strategy, despite being obvious, this phishing scam is likely to fool some users.

Earlier, the same researchers also highlighted another phishing campaign that tends to bypass security checks. In that case, the researchers evaded all defense measures by using QR codes.

Considering the growing number of such phishing attacks, each with a new strategy, it is imperative for users to “think twice” before clicking on any email they receive.

Stay safe!


Sursa: https://latesthackingnews.com/2019/07/29/phishing-campaign-exploits-wetransfer-alerts-to-bypass-email-gateways/

  • Haha 1

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...