Eighty Five users of Remote Hacking Tool (IM-RAT) targeted across Europe, Colombia and Australia.Phishing attempt in the name of FBE IC3.UK Tax warning - Fake HMRC Letters being sent to university students.Covid 19 Tips to avoid being scammed in purchasing items.EDP admits to being the target of a computer attack on its corporate network.Cybercrimes committed in Portugal have multiplied exponentially since the beginning of the covid-19.Cybersecurity alerts more than double to 138 in March.EUROPOL- ILLEGAL STREAMING SERVICE WILL 2 MILLION VIEWERS WORLD WIDE SWITCHED OFF.Cybersecurity incidents rise 101% in the 1st semester to 689 - CNCS.CTT Issues Alert over false emails using their name - Phishing attempt.Cybercrime Complaints Increased 182% in 2020.Portugal - Cyber attacks on organisations rose 81% in 2021 Check Point.So finding a “Bcc” definitely means we did not send you this email. Not to “undisclosed recipients” or to other addresses. We only ever send a transfer email to your own email address. Check the address the email was sent to.So stay aware even if we seem to be the sender. Please note that emails from are no guarantee that we’ve actually sent you this email.We always send our service-related emails from If the email is sent from a different address, don’t open the download link. If the transfer isn’t from someone you know or an obvious fake, don’t use the download link. Check the address mentioned in the body of the email.Does the download button take you to our domain ()? If not, the files are hosted somewhere else and never safe to download.Is the layout different from the layout you usually see when you open a WeTransfer mail? If so, don’t use the download button or link.WeTransfer recommend to check the following if you receive such an email which could be an attempt to steal your login details or install malware on your machine. The email invited the recipient to click on a download link which was based in Russia. In this case the senders address was: sales (at) cargoonelogistics-com.ga. Mail administrators should consider looking for recent WeTransfer emails and following up with users.Be aware that there are fake WeTransfer emails being sent, one of which was referred to Safe Communities Portugal this morning.Until mail blacklists begin to block WeTransfer’s emails automatically, flag suspicious emails as junk.All emails sent from WeTransfer should be treated as suspicious.It is not the responsibility of an organisation or individual to disallow third-party services from spoofing them.IP address blacklists provide minimal security.Verification of the sender should be default, not opt-in.This is inadequate, for the following reasons: They can block a specific email address so it cannot be used to send spam.Fill out a form and they’ll send a verification token to your email address every time it is used as a sender. They have a “new email verification feature”.They consider this kind of abuse a “very rare effect”. ![]() They’ve removed the malicious file, so nobody can download it.They’ve blocked the sender and their IP address. ![]() When AusCERT contacted WeTransfer to report this security hole, we received a response, the gist of which was: This vulnerability, and others, have been known for months. This means that WeTransfer is allowing targeted phishing and malspam emails to be delivered, based on the strength of their own brand. This will send a legitimate-looking file transfer email to both parties, using WeTransfer’s branding and legitimate email headers. Most likely even by mistake!”Īn attacker can enter something like the following: This sometimes has the effect you are experiencing, where someone else uses your email address. “Our ease of use is a core value, that’s why we allow our users to enter any email address they want. The WeTransfer FAQ makes it clear that they allow address spoofing on purpose: By default, users may enter any sender address. However, WeTransfer perform minimal validation on email addresses provided by users, which is a major security hole. The uploaded file will be sent to the recipient with an explanatory email template, and the sender will also receive an email receipt. WeTransfer is a legitimate file-hosting service with a simple business model: users can upload a file, enter a recipient email address, and enter a sender email address. We have summarised our findings and provided advice, which can be found at the end of this post. AusCERT has seen direct evidence of malicious emails being sent via WeTransfer, as part of an ongoing campaign affecting Australian organisations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |