Despite the rise of cloud-based collaboration services it’s still common for people to exchange information and documents by email. Of course you still need a way of handling larger attachments.
The latest social engineering attack uncovered by Armorblox spoofs a file-sharing notice from the popular WeTransfer platform that’s used by individuals and businesses alike.
The email is sufficiently like then real thing to trap unwary users and references the victim’s company, adding further legitimacy.
Anyone who does click the link is taken to a login page with Excel branding to try to get them to part with their Office 365 credentials. Of course alarm bells should be ringing at this point as why would a WeTransfer email take you to an Office 365 page? But if it’s Monday morning and you haven’t had your first coffee it’s easy to see how you might unthinkingly log in.
Writing on the company’s blog, Mark Royall, senior solutions engineer at Armorblox says, “The email title, sender name, and content aimed to induce a sense of trust and urgency in the victims — a sense of trust because the email claimed to come from a legitimate company (WeTransfer), and a sense of urgency because it claimed the victim was sent some files — files they would be eager to view. The context of this attack also leverages the curiosity effect, which is a cognitive bias that refers to our innate desire to resolve uncertainty and know more about something.”
You can read more and get tips on avoiding this type of threat on the Armorblox blog.