WeTransfer is known as one of the premier file-sharing services. They offer a free version that allows users to send up to 2GB of files while “Plus” users can send up to 20GB at a time. Researchers recently discovered that attackers are using the platform to spread phishing campaigns through the delivery of malicious URLs which bypass email gateway security. “As WeTransfer is a well-known and trusted file hosting system, used to share files too large to attach to an email, these links will typically bypass gateways as benign emails, unless settings are modified to restrict access to such file sharing sites,” said researchers. It seems as if the attacks are targeting the banking, energy, and media industries at this time. Users will receive an email directly from WeTransfer, which tells the user that a file has been shared with them. The links within the email are real, but an HTML file is also attached which redirects the user to a phishing page if it is downloaded. It is likely that compromised email accounts are being used to send malicious content. When visiting the phishing page, users receive a request to input their Office365 information. Microsoft accounts are not the only ones being targeted as other phishing sites for other services have also been seen.
Analyst Notes
As for any possible phishing email, users are suggested to not open any emails from unverified sources. Links within these emails should not be followed either and if they are, users should not input any personal information on the sites that these links lead to.
