Wetransfer safe
3/17/2024

User's AD account and e-mail got their passwords reset, but not before the account spat out a bunch of phishing e-mails to do the same thing to others on his contact list. Thankfully they figured it out when nothing happened and called me at that point. WeTransfer link has a PDF file in it, PDF file claimed to be a Docusign secure download (really apparent it was a bad PDF), user clicked the link and put in their details. They also bothered to spell and grammar check the message so the user thought it was safe. We had a very similar situation happen. A known client sent us an e-mail with a WeTransfer link in it; the e-mail itself had been sent from said client's compromised account so had their signature on it. These are companies, not individuals too. We have vendors, and customers with hotmail, gmail, and yahoo emails. However, end users, vendors and customers still do crazy things, that look crazier even than the phishing stuff. I wish they had used their PhishAlert button, but honestly they sit right outside my office, so it was an easy back and forth. They were A) right to ask me to look at it, as it WAS suspicious and B) more right that it was worth immediate attention. And sure enough it was a real legit attachment PO. Examples? "Do we MAKE stickers?" "Were you expecting an email from X?" I was ready to give the grief that many of you mention. So they are always wary of suspicious emails (good). We have trained our users (and continue to do so). We don't make stickers, however, the customer is not native English speaking. They got an email from a known customer, but an unknown employee, saying they need to immediately purchase these stickers. "Are you expecting anything from this person?" Then open the link in Google Chrome to see if Chrome itself gives you a warning that the site you are visiting is unsafe.
Try creating a Google email account and use Chrome. Forward the email to your new Gmail and see if Google automatically puts it as spam or gives a warning when you open the email. I do not think this was a targeted attack but a very old email thread that someone opened using an unprotected machine and his email client got compromised. So the email and the WeTransfer link all work fine in Chrome and any other browser :( You can send anyone a file and claim to be anyone you want, and there is no check for source email address. If you have ever used the service, you do not need an account. The actual email - sent from WeTransfer - was genuine, and there was a file waiting for them to download. But then they are the only ones that talk to this company. It felt more targeted than it was because it was just our sales team that received it, because they likely sent it out to all of the person's contacts that they recovered from his account. I guess targeted would be the wrong word. Not sure what you are trying to get me to prove / do here? More training needed, but with attacks constantly evolving there is always going to be a chance that someone is caught again! I have chatted to both users about this, and they both felt that they were lured into entering their details because it looked like it came from someone they knew. I've also emailed the company that "sent" the email - to warn them that their user may have been phished in the past to gain access to his email / contacts. Office 365 logs checked to find no suspicious logins. A few accounts blocked straight away and passwords changed. Logs checked, warning emails sent to those that also received the email. No idea if the page ran as intended, but didn't take that risk. Found some scripts that ran every time a key was pressed calling a php script on the web. I opened up the file in notepad, scanned the code. I typed my username and password in and nothing." was the reply.
I opened up a remote session to his laptop - saw the email and the file and asked him "did you open this?" Thankfully I was at my (personal) PC at the time and got on the case. I got an email around 8pm at night - one of the users was trying to open this file but it wasn't working and could I take a look? The file sent was websalesbrochure-file.html. Users decided that they would open the file as they knew the person who sent it. The sender was a person & company that we deal with regularly. In a targeted attack on our sales team, we received an email via WeTransfer with a company's new sales brochure. Had an interesting phishing attack on Friday last week.