A "File Transfer" Phishing Campaign
The Division of Information Technology( DOIT) recently received reports of a ‘file transfer’ phishing campaign. Below is an example of this phishing email. We removed the To field for privacy purposes.
To make sure our emails arrive, please add firstname.lastname@example.org to your contacts.
sent by wetransfersupport.wetransfer.com
About WeTransfer - Help - Legal - Report this transfer as spam
This example originated from <email@example.com>; however, there are several more senders:
At first glance, the download link seems to originate from Wetransfer.com, however if you look closely, there is a comma between Wetransfer and com:
https:/wetranster,com/ downloads/ 7fa32f92e5e6536721c0c454c64efb520180304192959/ 6c03cb9a8f23fd6c89dac4d8c16a09220180304193000/184ee46
Another flaw in the link is that copying the link address will take you to a completely different domain, https://firebasestorage.googleapis.com. Below is the full link and its website.
If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE your password.
If you have received any message similar to the one listed above, please forward it with its headers firstname.lastname@example.org. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
Receive any suspicious emails?
Forward it to email@example.com along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.
Posted: September 28, 2021, 7:19 PM