According to Metro, hackers are adopting a new phishing scam by disguising malware as WeTransfer links.
The scam involves hackers sending a ‘Proof of Payment’ document from WeTransfer, but instead sharing a link containing malware.
WeTransfer is a free file-sharing site used by several workers and businesses. Hackers have figured out a way to use this to get around security software that detects URLs in emails.
Cybersecurity researchers from Cofense have found that hackers are now distributing malware called Lampion using misleading links.
Cybercriminals continually look for ways to trick people into quickly clicking through links without thinking. Using well-known brands helps attackers leverage trust and when the email arrives from a trusted source, it is therefore likely that the victim will download the transferred attachment. People need to verify the source of attachments irrespective of the carrier and if they are not expecting it, they should carry out further due diligence. If the attachment received is a zip file, people need to be extra cautious. Cyberattacks are becoming craftier and people need to be more vigilant but attackers will take advantage of those who are busy which can cause damaging consequences.
Will the attack only be successful if the file is downloaded?