Phishing Campaign Exploits WeTransfer Alerts To Bypass Email Gateways

  • 4

The innovativeness of hackers seems to have no end. Once again, they have worked out a means to evade security mechanisms to execute their phishing campaigns. This time, the attack exploits WeTransfer alerts to bypass email gateways.

WeTransfer Alerts Phishing Campaign

Researchers from Cofense have spotted another phishing campaign going on in the wild. This campaign exploits WeTransfer alerts to evade security measures.

As explained in their blog post, the scammers abuse the WeTransfer file hosting service to bypass email gateways.

The attack begins with emails reaching the victim’s mailbox made up as a WeTransfer notification for file sharing. The attackers seemingly use compromised email accounts for sending these phishing emails since these emails contain legit URLs to the WeTransfer service.

WeTransfer alerts phishing email
Source: Cofense

Clicking on these links redirects the victims to WeTransfer file-sharing webpages. These pages contain HTML or HTML files ready for download. Clicking on the files then redirect the user to the actual phishing sites.

Source: Cofense

Like any other phishing scam, this one too, upon reaching the last phase, requires the users to enter their Office 365 account credentials.

Evasion Of Email Gateways

Because of the presence of trusted WeTransfer links, these phishing emails usually succeed in evading most security checks. According to the researchers,

These links will typically bypass gateways as benign emails, unless settings are modified to restrict access to such file sharing sites… These include ProofPoint, Office365 Safe Links, and Symantec.

Owing to this evasion strategy, despite being obvious, this phishing scam is likely to fool some users.

Earlier, the same researchers also highlighted another phishing campaign that tends to bypass security checks. In that case, the researchers evaded all defense measures by using QR codes.

Considering the growing number of such phishing attacks, each with a new strategy, it is imperative for users to “think twice” before clicking on any email they receive.

Stay safe!


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!