If you receive an unexpected WeTransfer email, do not click on it as it is a phishing attempt that is very difficult to identify and wants to steal your data.
Phishing is one of the most used systems when it comes to stealing user data and it has a thousand ways of being used. Being so versatile, criminals make it evolve over days, weeks and years. The worst of all this is that it is becoming increasingly difficult to identify it and, logically, avoid it..
In fact, all the people who have to file the Income Tax return must remain cautious because criminals take advantage of the Treasury campaign to launch this type of elements and steal information. But they are not the only people who have to be aware of everything they do.
And, it is that, in the last few hours, a rather curious phishing attempt has been seen and very difficult to avoid at first glance. But Luckily, Marcos Besteiro, a Twitter user, has recounted how they have tried to steal data by posing as a WeTransfer link.We are going to report what happened so that no one is a victim of this deception.
Today, an elaborate scam/phishing/data theft attempt. We received this email: pic.twitter.com/dY7j9J6gOh
– Marcos Besteiro 👧🏻👶🏻 (@MarcosBL) April 8, 2022
The first thing to bear in mind is that this way of stealing data is very successful and, in fact, affected people like Marcos Besteiro receive an email in which the WeTransfer logo appears and to provide greater veracity all the fields of the email are completed correctly.
Of course, Marcos Besterio reports that she has not fallen for the robbery attempt because her co-workers have warned her that they had nothing pending to receive. Seeing that this was an attempt to steal data, he has investigated to see how it works and what stands out is that if the user clicks on it, it takes him to a simulation of his domain.
El Corte Inglés is not celebrating its 80th anniversary with a 500-euro raffle: it’s phishing
Come on, when you press what happens in the case of Marcos Besteiro, it takes him to a simulation of his website. A warning appears in this simulated window indicating that the session has expired and that, therefore, the user and credentials must be re-entered so you can stay connected and do what needs to be done.
But what happens is that this is not real, it is a simulation made by a script that is hidden inside the link and, of course, attackers take advantage of people’s carelessness or absent-mindedness to obtain data from their domains. The problem varies depending on the domain or the data that they can steal.
If this domain has billing information, card numbers and passwords, attackers can use them to directly steal money. The recommendation is quite simple: do not click on links that we do not expectcheck if where you are going to enter the password is a secure domain and, above all, do not trust anything at all.
George is Digismak’s reported cum editor with 13 years of experience in Journalism