
How can a file download link make you lose all your money?

The cybersecurity company ESET has warned of a new email scam in which messages purporting to come from WeTransfer include fraudulent links.


Sending false subpoenas has become one of the most widespread methods cybercriminals use to trick their victims and gain access to their electronic devices.

A few days ago, the National Police warned of a new ‘phishing’ attack based on sending emails, in which the victims were summoned to testify in court for alleged crimes related to child pornography, exhibitionism and pedophilia.


Now, ESET has detected a method by which cybercriminals use a court summons, posing as a law firm to send a series of ‘malware’ files through WeTransfer.

As Josep Albors, the company's director of Research and Awareness, explains on his blog, the body of the message contains a series of links, supposedly for downloading files related to a judicial process and an infraction allegedly committed by the victims.


Believing that it is a real file and feeling worried about it, many of these people end up clicking on the links included by cybercriminals in emails.

Once they click on these links, they are redirected to a web page that looks very similar to WeTransfer, a method that was already warned about in November 2020, when several campaigns aimed at stealing credentials by installing malware were detected.

On this supposedly legitimate web page, a login form is displayed that users can mistake for the real one, leading them to enter their real credentials, both their email address and password.

HOW TO SPOT A FAKE LINK

Before providing any personal data, ESET recommends checking a few things that can show whether a web page is fraudulent or, on the contrary, valid and safe.

First of all, review the URL and check whether it matches the original. For example, in this case, the original website is ‘wetransfer.com’, while the one used by cybercriminals is ‘wetransfer.cn.com’.

The problem with these fake web pages is that they look increasingly sophisticated, so many users consider them valid just because they use the HTTPS protocol and show the security padlock.

The padlock only indicates that the communication between the device they are using, be it a mobile phone or a computer, and the website is encrypted, not that the site itself is secure.

Another check proposed by ESET is to look up the domain registration date. If the domain is new, less than a month old, it could indicate that the website is not secure, since it would have been created exclusively to serve as bait in this type of attack.

Another aspect that determines the presumed legitimacy of these web pages is their registration origin. In this case, the domain registration was done in Russia, something that raises suspicions because WeTransfer originated in the Netherlands.
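The URL and registration-date checks described above can be automated. The following Python sketch is an added example, not code from ESET or from the original article; the function names are hypothetical, the registration date is assumed to be supplied by the caller (for instance from a WHOIS lookup), and the sample dates are constructed.

```python
from datetime import date
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "wetransfer.com"  # the genuine domain named in the article
MIN_AGE_DAYS = 30                   # "less than a month old" counts as suspicious


def host_of(url):
    """Return the lower-cased host of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def belongs_to(host, expected=EXPECTED_DOMAIN):
    """True only if host is the expected domain or one of its subdomains.

    The match is anchored at the right-hand end of the name, so a host that
    merely starts with the brand (wetransfer.cn.com) does not pass.
    """
    return host == expected or host.endswith("." + expected)


def assess_link(url, registered_on, today):
    """Apply the article's checks and return a list of warnings.

    The scheme is deliberately ignored: HTTPS and the padlock only show that
    the connection is encrypted, so they are never treated as a good sign.
    """
    warnings = []
    host = host_of(url)
    if not belongs_to(host):
        brand = EXPECTED_DOMAIN.split(".")[0]
        kind = "lookalike host" if brand in host.split(".") else "unrelated host"
        warnings.append(f"{kind}: {host} is not {EXPECTED_DOMAIN}")
    age_days = (today - registered_on).days
    if age_days < MIN_AGE_DAYS:
        warnings.append(f"domain registered only {age_days} days ago")
    return warnings


if __name__ == "__main__":
    today = date(2022, 4, 1)  # constructed reference date
    samples = [               # constructed registration dates, not WHOIS data
        ("https://wetransfer.com/downloads/file", date(2020, 1, 1)),
        ("https://wetransfer.cn.com/downloads/file", date(2022, 3, 20)),
    ]
    for url, registered_on in samples:
        print(url, "->", assess_link(url, registered_on, today) or "no warnings")
```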

This is what the fraudulent website used by cybercriminals to scam users looks like. (Photo: ESET)

Source: Elcomercio
