Cybercriminals are pretending to be WeTransfer in emails to trick people with phishing attacks.

WeTransfer is a Dutch internet-based computer file transfer service company that was founded in 2009. It is based in Amsterdam, the Netherlands.

This morning, we received an email pretending to be from WeTransfer, where someone sent us 7 files totaling 117 MB. After conducting a bit of research, we discovered that hackers are masquerading as WeTransfer to trick people into downloading the attachment. The hackers wrote their names in emails as [email protected], but the email addresses were different from the official WeTransfer ones.

The first thing anyone will notice is the email address, which seems legit but turns out to be a silly trick.

After that, we clicked on a link to see what would happen, and we ended up on a fake WeTransfer website. The website address was different, but the webpage looked like a legitimate WeTransfer page.

The website looked almost identical to WeTransfer; however, the top-level menu was missing a hyperlink that would indicate the site was fake. To see what would happen next, we clicked the Download button. Then, a pop-up appeared, asking for the username and password to access the file.

Buy Me A Coffee

We attempted to log in using a random username and password. However, after a while, we received an error message stating, ‘This email address and password don’t seem to match… Please double-check and try again.‘ This occurrence might indicate that hackers have deployed an automated script to verify the compatibility of email addresses and passwords. They may also attempt to log in across various email providers to find a matching combination and subsequently gain access to the targeted account.

READ
Rhysida Ransomware Gang Selling Stolen Children's Data for $3.6 Million

The site’s IP address appears to be 209.94.90.1 (209.94.90.0/23). Subsequent research on VirusTotal revealed that nine security vendors have flagged this IP address as malicious.

As cybersecurity takes precedence, it’s crucial to stay informed about potential threats to a secure online environment. Discovering a fake WeTransfer website served as a wake-up call, revealing the cunning nature of online scams. This experience underscores the importance of being cautious on the internet and avoiding deceitful tricks. Stay vigilant to protect yourself in the digital world.