The new wave of attacks is mainly directed against companies.

Managing directors/CEOs (names can be found in the imprint of a website), sales and marketing staff (usually also publicly visible) and employees of public administrations (e.g. financial administrations) are the most frequent targets of this wave of attacks, but anyone else can be affected.

With WeTransfer, the attackers use a very well-known platform for sending, for example, presentations, catalogues or larger graphics and photos. WeTransfer is a cloud service that is mainly used by companies and freelancers. It is an ideal Trojan horse for penetrating a company network. The phishing email looks very authentic. The sender appears to be the cloud service “WeTransfer”, and the link to the alleged download file also looks genuine. However, the link leads to another website, where the victim’s email address is saved in the first step. With this, the attackers have already identified all the easy targets.

In the next step, the website transmits malicious code to the victim’s computer. A good web browser protection like Bitdefender or McAfee can help with this step. The security software blocks access to the website and warns of the possible dangers (see picture).

We carried out a test with Windows 10’s own security protection “Windows Defender”. Unfortunately, Defender allowed the website to be accessed and thus we were at the mercy of spying.

How can users defend against such an attack?

  1. The e-mail client should only receive e-mails in text format, not in HTML format. In addition, the automatic reloading of external content (e.g. graphics) should be prevented. When loading graphics, for example, the attacker can pass on malicious code and knows who has opened his e-mail (the e-mail address is thus identified as a potential target). The e-mails may not look as nice in text format, but an attacker can no longer tell whether an e-mail has been opened or even read.
  2. A healthy distrust, even with known senders, is the best protection. Does the colleague from accounting really send a WeTransfer file? Probably not. Excel or PDF files do not need much storage space and would be sent directly. If the colleague from the marketing department sends a file via WeTransfer, there is a higher probability that the email will be opened. Before clicking on the link in the email, look at the link address in the bottom left-hand corner of the email client. If it does not say “https://wetransfer.com/download/….” it is probably a phishing e-mail.
  3. If 1 and 2 didn’t help and the email was opened in an unfocused moment, a good security solution like Bitdefender can help ward off an attack.
  4. If 1 – 3 did not help, it is still possible to restore the system to a restore point or make regular updates with EaseUS ToDo Back-up.
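
The link check from step 2 can be automated. The following is an added example, not part of the original article: it accepts a link only if scheme, exact host and path match the article's rule `https://wetransfer.com/download/…`, and it flags every link whose visible text or URL mentions WeTransfer but points elsewhere. The sample e-mail body and the `.example` hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Rule taken from the article: a genuine link starts with https://wetransfer.com/download/
SCHEME, HOST, PATH_PREFIX = "https", "wetransfer.com", "/download/"

def is_expected_wetransfer_link(url: str) -> bool:
    """True only if scheme, exact host and path prefix match the article's rule."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname            # real host: anything before '@' is excluded
    except ValueError:                   # malformed URL: treat as not genuine
        return False
    return (parts.scheme == SCHEME and host == HOST
            and parts.username is None and parts.path.startswith(PATH_PREFIX))

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body: str) -> list:
    """Links that mention WeTransfer in text or URL but fail the rule."""
    parser = _LinkCollector()
    parser.feed(html_body)
    parser.close()
    return [(href, text) for href, text in parser.links
            if "wetransfer" in (href + " " + text).lower()
            and not is_expected_wetransfer_link(href)]

# Constructed sample body; every host other than wetransfer.com is a placeholder.
SAMPLE = """<p>Files were sent to you</p>
<a href="https://wetransfer.com/download/abc123">Get your files</a>
<a href="https://wetransfer.com.files.example/download/abc123">Get your files</a>
<a href="https://files.example/download/abc123">https://wetransfer.com/download/abc123</a>
<a href="https://wetransfer.com@login.example/download/abc123">Download</a>
<a href="http://wetransfer.com/download/abc123">WeTransfer download</a>"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE):
        print(f"SUSPICIOUS: shown as {text!r}, goes to {href}")
```

Only the first link passes. The other four fail on a lookalike host, a mismatch between displayed and real address, a host hidden behind `@`, and a missing `https` respectively.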

Conclusion:
It remains exciting and the attacks are becoming more and more sophisticated. In the past, we received phishing emails from unknown senders in poor German or English. Nowadays, they are from known senders with halfway comprehensible content in the subject line. Even if the e-mails are encrypted on the Internet, the header with the e-mail address is readable, because otherwise it would not be possible to forward them to the right recipient. This is where cyber criminals come in and grab the e-mail addresses of the sender and recipient. With a watchful eye, common sense and a good security solution, the user is protected against a known phishing attack.