Check Point Email Security | Blog

We Shouldn't Transfer: Getting End-Users to Give Over Credentials

Written by Jeremy Fuchs | April 5, 2021

You may have heard about the recent Accellion breach. Accellion, a file-sharing app, was breached and now tons of universities and corporations have been hit. Major universities like Stanford and the University of California were targeted; conglomerates like Shell were hit too.

File-sharing apps are not inherently secure, which is why Avanan protects apps like Dropbox, Google Drive and Box.

But hackers will use the free-flowing nature of file-sharing to their advantage.

Avanan researchers uncovered a phishing attack that leverages WeTransfer, another popular file-sharing app, to get credentials. This attack bypassed Mimecast, but was stopped by Avanan.

Here's what the attack looks like:

 

Looks like a standard email you'd get when someone shares files, right?

And when you click on "Get your files" you get directed to a pretty convincing replica of WeTransfer—with one difference:


The URL is certainly not WeTransfer. In fact, it has an invalid certificate:



However, if you kept going along to download the files, here's what happens:

 

Once you enter your credentials, that's the ballgame. You don't ever get the files. Instead, you get this page over and over again:

Hackers will do anything to get in your inbox. Posing as a trusted file-sharing source, with an email you may often get, tends to be a good way to do that.