Be careful when downloading files! Cybercriminals have a new method

A trap so tempting that you want to fall into it

Beware of scams with fake WeTransfer links! Cybercriminals are using new attack methods by impersonating a popular file transfer platform.

ESET analysts have noted a significant increase in cyberattacks using fake file download links that resemble those from WeTransfer. In May 2024, the number of these attacks increased by 420%. compared to the previous year. How to identify fake links and share large files safely?

Sending large files – watch out for scammers

Sending large files can be problematic, especially when their size exceeds email limits. Platforms like WeTransfer then become very helpful. Unfortunately, cybercriminals also notice their popularity and use it for their own purposes.

“We have observed a sharp increase in phishing campaigns. The victim receives an e-mail with a link to a file that allegedly comes from WeTransfer. Cybercriminals create e-mails and links that look authentic. Once clicked, they can install malware on the victim’s computer or extort confidential data,” says Beniamin Szczepankiewicz , ESET analyst.

How to spot a fake WeTransfer link?

Before downloading the file, it is worth considering whether we are actually waiting for such files. Let’s also check the sender’s name and make sure that it is actually a person we know. If we have doubts, let’s verify it at the source.

Let’s pay attention to the domain of the page to which the “Download your files” link directs. If it is different from, it may be a fraud attempt. Let’s also analyze the appearance of the email for any deviations from the norm. Remember that real companies will never ask us for passwords or credit card numbers in e-mails.

Securely send large files

Cloud solutions like WeTransfer are generally safe, especially compared to email attachments. Before sending files, however, make sure the service offers end-to-end encryption. If not, it’s worth encrypting the data yourself and sending the password through another channel. End-to-end encryption ensures that the data is protected at every stage of transmission and can only be read by the sender and recipient.

When using such solutions, remember a few rules:

  • Use strong, unique passwords for each account. The ideal password should be long, with a combination of letters, numbers, and special characters. Consider using a password manager.

  • Activate multi-factor authentication (MFA) on all your accounts, such as email and social media.

  • Send time-limited download links. By setting an expiration time for links, you minimize the risk of unauthorized access. Some providers allow you to remotely delete files or revoke access once they are downloaded.

  • Encrypt files before uploading them to the cloud, and send the file password via another channel, such as SMS.

  • Use anti-virus software.

  • By exercising caution and following the above principles, we can effectively protect our data from cyber threats.

Similar Posts