Actually, with the 30 to 40 e-mails that I receive from spammers and fraudsters every day, I am practiced in recognizing dubious e-mails. Nevertheless, another phishing email managed to get my attention today. This usually happens when the scammers' emails are "well done" and it is difficult to identify them as phishing emails.
The current case is about emails that look like they came from wetransfer.com. In fact, they come from bad people who want to elicit some access data or something similar from you. We had something like this recently in the post "PayPal phishing“ had.
For phishing emails, emails from well-known companies are often copied. In this case, WeTransfer has it.
I don't want to go as far as to say that the people behind the phishing emails are smart, but they've definitely learned about it over the past few years. In the past, malicious e-mails were relatively easy to recognize based on broken umlauts or incorrect spelling and grammar. In the meantime, however, this is no longer the case.
The bad people have learned to do this and copy the "real" emails from providers so precisely that even experienced computer users need to know what to look out for if they want to detect fraudulent emails.
One of the most important features is the link that is behind the buttons in the email. This appears when you leave the mouse pointer over the button in Apple Mail for a few seconds - without clicking!
How do I recognize Wetransfer phishing emails?
In the email I received, some things struck me as strange, so I was sure that they weren't directly from Wetransfer.com came. So that you know what to look out for, I have summarized the points here and also marked them in the screenshot of the mail.
Here you can see some things by which you can tell that the mail does not come from WeTansfer, but has a dubious author.
The features in detail
The sender address is actually easy to forge, but the fraudsters seem to have made a mistake here and stupidly took an address that does not end with @ wetransfer.com. Everything that does not come from this domain should appear suspicious in a mail that is supposed to come from wetransfer.
The name and e-mail of the sender is usually also included in the text of e-mails from WeTransfer. Here you have omitted this information.
If you move the mouse pointer over the "Get your files" button, a URL that does not come from wetransfer.com appears after a few seconds. This should also catch your eye and set alarm bells ringing.
Below in the footer is a note with the email address "n0reply@wetransfer.c0m". The Os have been exchanged for zeros. The purpose is unknown to me, but it is a typical feature of dubious mails.
Attached to the mail is a file called "open". As a rule, nothing is attached to emails from wetransfer.com, because the service is designed to allow you to load the attachment from their server.
On closer inspection, there are a few points that make you puzzled. I hope you will be spared from such emails and be careful before you open attachments or click links in emails.
Apart from the whole action, the service "wetransfer.com" is really recommendable. It does something similar to "Mail Drop" built into Apple Mail to send large files (>10MB). I have him here in this post times introduced and often use it myself.
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.
Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.
How Apple is trying to prevent mass layoffs
Desertec - Desert electricity as a solution to energy problems
Sir Apfelot newsreel week 11, 2023
Project Kuiper: Amazon's space internet is to be offered from 2024
Use Apple AirTag for NFC actions on the iPhone: Here's how!
Report Scam and Fraud: Summarized information from the police
Sir Apfelot newsreel week 10, 2023
New iMac to be launched with M3 chip (+ more Mac news)
