This cyber attacks they never stop and on this occasion a new mode phishing who claims to be WeTransfer, file sending and receiving platform.

It should be noted that Phishing is a social engineering strategy used by cybercriminals to steal credentials. and commit fraud or obtain sensitive information with them. They often impersonate companies by copying their logos and fonts to send emails with malicious links.

Having said that, on this occasion the attackers Emails from WeTransfer were copied. They send fake emails to their victims, hoping they will click on a link that leads to a download site.

However, by clicking on the malicious link, victims gain access to attackers. Such a situation can be extremely dangerous, especially if a company’s equipment is used.

Marcos Besteiro, executive director of the education portal ACEDIS, warned of this new scam via his Twitter account. He said some of his co-workers got the email, which they realized was a fabrication after noticing some quirks.

First, to understand that this is something phishing mail, was that they did not expect to receive files from anyone that day. Second, they hovered over the link to see what address the link was pointing to. Thanks to these two signals, they alerted their team.

“The malicious script they have collects this email, eliminates the user, and protects the domain to know where the click came from. In our case, it ends up on our website http://acedis.com”, Besteiro informed.

In simpler terms, when an attacker reaches an employee to click on the malicious link, their system checks where it came from. Normally, companies identify the victim as a Telefónica employee by emailing their employees such as “info@telefonica.com”.

“now it script opens an iframe with this domain full screen, so you are on your own company website. And they position their own login window on top of that frame, so if you think you need to click and enter your website, it captures your username and password,” he said.

In other words, they “duplicate” the company’s site with the information obtained so that the victim truly believes he is in it. You enter your username and password when you try to login, these are stolen by cybercriminals.

If the person is uninformed, they will not realize that the site is a copy. and enter your data. Information under the attackers’ domain can be used to gain access to the business account and perform an attack or demand a ransom.

Besteiro explained that the malicious script was hosted on ipfs.io, a p2p web system (interplanetary file system) to share content where each member is a node in the network.

How can you avoid such scams?

To avoid falling for a scam such as phishing strengthen safety in electronic devices and navigation, e.g:

– Use the two-step verification system on accounts.

– Check that the URLs of the websites start with “https”.

– Beware of those who offer incredible offers or quick ways to make money.

– Remember that legitimate websites do not request passwords or financial information via message.

– Use a complete and reliable security solution to stay protected.

– Having updated software. This way, it is ensured that the operating system has the necessary patches or fixes to protect against potential attacks.

– Avoid public WiFi connection without password protection where all traffic can be exposed. Ideally, use a reliable VPN to connect, especially if you’re going to be entering sensitive data on the web.