Actually, with the 30 to 40 e-mails that I receive from spammers and fraudsters every day, I am practiced in recognizing dubious e-mails. Nevertheless, another phishing email managed to get my attention today. This usually happens when the scammers' emails are "well done" and it is difficult to identify them as phishing emails.
The current case is about emails that look like they came from wetransfer.com. In fact, they come from bad people who want to elicit some access data or something similar from you. We had something like this recently in the post "PayPal phishing“ had.
I don't want to go as far as to say that the people behind the phishing emails are smart, but they've definitely learned about it over the past few years. In the past, malicious e-mails were relatively easy to recognize based on broken umlauts or incorrect spelling and grammar. In the meantime, however, this is no longer the case.
The bad people have learned to do this and copy the "real" emails from providers so precisely that even experienced computer users need to know what to look out for if they want to detect fraudulent emails.
How do I recognize Wetransfer phishing emails?
In the email I received, some things struck me as strange, so I was sure that they weren't directly from Wetransfer.com came. So that you know what to look out for, I have summarized the points here and also marked them in the screenshot of the mail.
The features in detail
The sender address is actually easy to forge, but the fraudsters seem to have made a mistake here and stupidly took an address that does not end with @ wetransfer.com. Everything that does not come from this domain should appear suspicious in a mail that is supposed to come from wetransfer.
The name and e-mail of the sender is usually also included in the text of e-mails from WeTransfer. Here you have omitted this information.
If you move the mouse pointer over the "Get your files" button, a URL that does not come from wetransfer.com appears after a few seconds. This should also catch your eye and set alarm bells ringing.
Below in the footer is a note with the email address "firstname.lastname@example.org". The Os have been exchanged for zeros. The purpose is unknown to me, but it is a typical feature of dubious mails.
Attached to the mail is a file called "open". As a rule, nothing is attached to emails from wetransfer.com, because the service is designed to allow you to load the attachment from their server.
On closer inspection, there are a few points that make you puzzled. I hope you will be spared from such emails and be careful before you open attachments or click links in emails.
Apart from the whole action, the service "wetransfer.com" is really recommendable. It does something similar to "Mail Drop" built into Apple Mail to send large files (>10MB). I have him here in this post times introduced and often use it myself.
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.