Caution: Wetransfer phishing emails are in circulation

Wetransfer phishing - this is how you recognize the fraud

Actually, with the 30 to 40 e-mails that I receive from spammers and fraudsters every day, I am practiced in recognizing dubious e-mails. Nevertheless, another phishing email managed to get my attention today. This usually happens when the scammers' emails are "well done" and it is difficult to identify them as phishing emails.

The current case is about emails that look like they came from wetransfer.com. In fact, they come from bad people who want to elicit access data or something similar from you. We recently had something like that in the post "PayPal phishing"had.

E-mails from well-known companies are often copied for phishing mails. In this case, WeTransfer has it.

For phishing emails, emails from well-known companies are often copied. In this case, WeTransfer has it.

Gone are the days of stupid scammers

I don't want to go as far as to say that the people behind the phishing emails are smart, but they've definitely learned about it over the past few years. In the past, malicious e-mails were relatively easy to recognize based on broken umlauts or incorrect spelling and grammar. In the meantime, however, this is no longer the case.

The bad people have learned to do this and copy the "real" emails from providers so precisely that even experienced computer users need to know what to look out for if they want to detect fraudulent emails.

One of the most important features is the link that is behind the buttons in the email. This appears when you leave the mouse pointer over the button in Apple Mail for a few seconds - without clicking!

One of the most important features is the link that is behind the buttons in the email. This appears when you leave the mouse pointer over the button in Apple Mail for a few seconds - without clicking!

How do I recognize Wetransfer phishing emails?

In the email I received, some things struck me as strange, so I was sure that they weren't directly from Wetransfer.com came. So that you know what to look out for, I have summarized the points here and also marked them in the screenshot of the mail.

Here you can see some things by which you can tell that the mail does not come from wetransfer, but has a dubious originator.

Here you can see some things by which you can tell that the mail does not come from WeTansfer, but has a dubious author.

The features in detail

  1. The sender address is actually easy to forge, but the fraudsters seem to have made a mistake here and stupidly took an address that does not end with @ wetransfer.com. Everything that does not come from this domain should appear suspicious in a mail that is supposed to come from wetransfer.
  2. The name and e-mail of the sender is usually also included in the text of e-mails from WeTransfer. Here you have omitted this information.
  3. If you move the mouse pointer over the "Get your files" button, a URL that does not come from wetransfer.com will appear after a few seconds. This should also be noticed and the alarm bells ring.
  4. At the bottom of the footer is a note with the email address "n0reply@wetransfer.c0m". The Os have been swapped for zeros. The purpose is unknown to me, but it is a typical feature of dubious emails.
  5. A file called "open" is attached to the mail. There is usually nothing attached to emails from wetransfer.com, because the service is there so that you can then download the attachment from their server.

On closer inspection, there are a few points that make you puzzled. I hope you will be spared from such emails and be careful before you open attachments or click links in emails.

Apart from the whole campaign, the service "wetransfer.com" is really recommendable. It does something similar to "Mail Drop" which is built into Apple Mail to send large files (> 10MB). I have him here in this post times introduced and often use it myself.

-
Do you like my blog? Then I would be happy to receive a short review on Google. Easy leave something here for a moment - that would be great, thank you!

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * .