Cyber attacks never stop, and this time a new form of phishing has been detected that pretends to be WeTransfer, the platform for sending and receiving files.
Phishing is a social engineering strategy that cybercriminals use to steal credentials and commit fraud with them, or to obtain sensitive information. They usually impersonate companies, copying their logos and typography to send emails with malicious links.
This time the attackers duplicated WeTransfer emails. They send fake emails to their victims, hoping they will click on a link that supposedly leads to the site for downloading files.
However, by clicking on the malicious link, the victims give the attackers access. Such a situation can be extremely dangerous, especially if you are using a company's equipment.
The one who warned about this new scam was Marcos Besteiro, executive director of the training portal ACEDIS, through his Twitter account. He said that some of his co-workers received the email, which they realized was fake when they noticed some oddities.
The first sign that it was a phishing email was that they weren't expecting to receive files from anyone that day. Second, they hovered over the link to see where it pointed. Thanks to these two signs they alerted their team.
Put more simply, when the attacker gets a worker to click on the malicious link, the attacker's system checks where the click came from. Companies usually give their employees email addresses such as “info@telefonica.com”, which in that case would identify the victim as an employee of Telefónica.
“Now the script opens an iframe with that domain in full screen, so it looks like you're on your own company's website. And on that frame, they position a login window of their own, so that if you click and think you have to enter your website, they capture your username and password,” he said.
That is, with the information obtained, they “duplicate” the company's site so that the victim believes they are really on it. When the victim tries to log in and enters a username and password, these are stolen by the cybercriminal.
If the person is not paying attention, they will not notice that the site is a copy and will enter their data. The information, once under the control of attackers, can be used to access the business account and carry out attacks or demand a ransom.
Besteiro explained that the malicious script is hosted on ipfs.io, the InterPlanetary File System, a p2p web system for sharing content where each member is a node on the network.
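The two checks the co-workers made by hand, together with the hosting detail Besteiro mentioned, can be run automatically over a message that claims to come from WeTransfer. The Python script below is an added example, not code from Besteiro or from the article; the list of WeTransfer domains, the function names and the sample links are assumptions, as is the idea that the recipient's address travels inside the link.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Assumption: domains WeTransfer's own download links use (not stated in the article).
EXPECTED_DOMAINS = ("wetransfer.com", "we.tl")
IPFS_HOSTS = ("ipfs.io",)  # the host named in the article

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_in(host, domains):  # exact match or subdomain, never a substring match
    return any(host == d or host.endswith("." + d) for d in domains)

def review_links(html_body, recipient):
    """Return (href, shown text, reasons) for each suspicious link."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        reasons = []
        if not host_in(host, EXPECTED_DOMAINS):
            reasons.append("not a WeTransfer host: " + host)
        if host_in(host, IPFS_HOSTS):
            reasons.append("served from IPFS")
        rest = unquote(" ".join([parts.path, parts.query, parts.fragment])).lower()
        if recipient.lower() in rest:
            reasons.append("recipient address in link")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample body; both links are made up for this example.
SAMPLE = ('<a href="https://wetransfer.com/downloads/abc123">Help</a>'
          '<a href="https://ipfs.io/ipfs/EXAMPLE-CID/#info@example.com">Get your files</a>')
print(review_links(SAMPLE, "info@example.com"))
```

The host comparison is done on the parsed hostname rather than on the raw string, so a look-alike such as `wetransfer.com.example.net` is still reported as a foreign host.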
How can this type of scam be avoided?
To avoid falling for fraud such as phishing, strengthen security on your electronic devices and while browsing, for example:
- Use the two-step verification system for accounts.
- Check that the URL of websites starts with “https”.
- Be wary of amazing offers or ones that promise quick ways to earn money.
- Remember that legitimate websites do not ask for passwords or financial information through messages.
- Use a complete and reliable security solution to stay protected.
- Have up-to-date software. That way you make sure that the operating system has the necessary patches or corrections to be protected against possible attacks.
- Avoid public WiFi connections that lack password protection, where all traffic may be exposed. The ideal is to use a reliable VPN to connect, especially if you are going to enter sensitive data on the web.