
WeTransfer is a popular platform for sending large files, but be cautious of emails claiming to be from WeTransfer. These emails may contain phishing scams that try to trick you into revealing sensitive information.
Some WeTransfer emails may appear legitimate, but they can be used to steal your login credentials. This is because scammers often use fake email addresses or URLs that mimic WeTransfer's domain.
WeTransfer emails can also contain malicious links or attachments that can harm your device. It's essential to verify the sender's email address and check the URL before clicking on any links.
If you're unsure about the authenticity of a WeTransfer email, it's best to delete it or contact WeTransfer's support team directly.
Phishing Scams via Email
Phishing scams via email are a serious threat, and one of the most convincing types is the "WeTransfer - You Have Received Files" email scam. This scam notifies you that someone has sent you a file via WeTransfer, but it's actually a phishing email designed to steal your login credentials.
The email may include a message from the supposed sender, making it look like a legitimate email from a trusted source. However, all the information in the email is false, and clicking on the "Get your files" button will redirect you to a phishing website that records your login credentials.
The attackers may also use custom notes to camouflage the email as an invoice ready to be reviewed, making it look even more convincing. Once you click on the "Get your files" button, you'll be redirected to a WeTransfer download page where a malicious HTML file is hosted, which will be downloaded by the unsuspecting victim.
The phishing landing page will then be opened in your default web browser, tricking you into giving away your credentials for Office 365 and other online services. This is a very popular phishing tactic designed to lower your guard and take advantage of your trust in WeTransfer, a well-known and trusted file hosting system.
As a result, you may experience severe privacy issues, financial losses, and even identity theft. If you've already typed your login credentials into a phishing webpage, change the passwords of all possibly exposed accounts and inform their official support without delay.
Phishing Campaigns and Gateways
Phishing campaigns are getting sneakier, and one way they're doing it is by using legitimate services like WeTransfer to evade email gateways.
WeTransfer is a well-known and trusted file hosting system, used to share files too large to attach to an email.
These links will typically bypass gateways as benign emails, unless settings are modified to restrict access to such file sharing sites.
The attackers send real WeTransfer notifications via email, which inform recipients that someone has shared a file with them.
They're using the comment feature in WeTransfer notifications to tell the victim that the file is important.
The entire delivery method is legitimate, so most email filters aren't watching out for this behavior.
As security technologies adapt to known vectors of attack, threat actors are increasingly taking advantage of legitimate services to carry out phishing attacks.
This attack method has been observed to bypass multiple gateways, making it a concerning trend in phishing campaigns.
Additional reading: Advance Cash Services Lawsuit Email
Think Before You Click: Phishing Alert
Be cautious with links from unfamiliar senders, especially those claiming to be from reputable companies like WeTransfer.
WeTransfer emails often contain links to share files, but these links can be malicious, as seen in the case of the suspicious email that prompted a password reset.
Hover over links before clicking to check the URL and ensure it's legitimate.
WeTransfer's official links typically start with "wetransfer.com" or "we.tl" but scammers may use similar-looking URLs to deceive users.
Verify the sender's email address to ensure it's from a legitimate WeTransfer account.
A common phishing tactic is to use a fake email address that closely resembles the real one, making it difficult to spot the difference.
Readers also liked: Remitly Email Address
WeTransfer Incident
WeTransfer, a popular file transfer service, had a security incident where file transfer emails were sent to unintended email addresses on June 16 and 17.
Users were logged out of their accounts and forced to reset their password as a precautionary measure to protect their accounts.
The company blocked the unintentional transfer links to prevent further downloads.
WeTransfer urged affected individuals to monitor their account for any "suspicious or unusual emails."
Intriguing read: Email Money Transfer
WeTransfer Hosted Phishing Redirectors

WeTransfer was used to host phishing redirectors, a tactic designed to lower targets' guard and trick them into clicking on malicious links.
Threat actors added custom notes to the phishing emails, often camouflaging them as invoices ready to be reviewed, to make the WeTransfer notification look more convincing.
The victims were redirected to the WeTransfer download page where a HTM or HTML file was hosted and downloaded by the unsuspecting victim.
This file, when opened, would open the phishing landing page in the victims' default web browser, tricking them into giving away their credentials for Office 365 and various other online services.
The links would typically bypass gateways as benign emails, unless settings were modified to restrict access to such file sharing sites.
WeTransfer notifications were being used to inform recipients that someone had shared a file with them, making the link seem legitimate and increasing the chances of the victim clicking on it.

The attackers were using the feature to include a comment in the email, telling the victim that the file was important, to make the link seem more trustworthy.
The entire delivery method was legitimate, so most email filters weren't watching out for this behavior, making it a successful phishing tactic.
WeTransfer Incident: Unintended Email Recipients
WeTransfer issued a security notice to inform users that file transfer emails were sent to unintended email addresses on June 16 and 17.
The company logged out of some users from their account and forced them to reset their password in response to the incident.
Users who were impacted by the incident were sent an email stating that a transfer they sent or received was also delivered to some people it was not meant to go to.
The email also stated that the company had blocked the link to prevent further downloads, as a precaution.
WeTransfer urges affected individuals to monitor their account for any suspicious or unusual emails.
The company did not disclose technical details about the problem at the time of the incident.
If this caught your attention, see: Hotmail Email Account
Frequently Asked Questions
Does WeTransfer send an email?
Yes, WeTransfer sends two email notifications: an upload confirmation and a download confirmation. These emails keep you informed about the transfer's status.
Featured Images: pexels.com


