Phishing Alert: "Received AWB Documents via WeTransfer"
A "File Transfer" Phishing Campaign
The Division of Information Technology( DOIT) recently received reports of a ‘file transfer’ phishing campaign. Below is an example of this phishing email. We removed the To field for privacy purposes.
To make sure our emails arrive, please add email@example.com to your contacts.
sent by wetransfersupport.wetransfer.com
About WeTransfer - Help - Legal - Report this transfer as spam
This example originated from <firstname.lastname@example.org>; however, there are several more senders:
If you receive a similar email, please forward it immediately to: email@example.com along with the headers.
At first glance, the download link seems to originate from Wetransfer.com, however if you look closely, there is a comma between Wetransfer and com:
https:/wetranster,com/ downloads/ 7fa32f92e5e6536721c0c454c64efb520180304192959/ 6c03cb9a8f23fd6c89dac4d8c16a09220180304193000/184ee46
Another flaw in the link is that copying the link address will take you to a completely different domain, https://firebasestorage.googleapis.com. Below is the full link and its website.
This format is similar to a previous phishing email. However, the background is different, and the link takes you directly to https://firebasestorage.googleapis.com and asks you to log in.
If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE your password.
If you have received any message similar to the one listed above, please forward it with its headers firstname.lastname@example.org. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
Receive any suspicious emails?
Forward it to email@example.com along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.
Posted: September 28, 2021, 7:19 PM