Beware of File Transfer Services

I received this phishing email yesterday. It successfully bypassed the email filtering because it was generated by a legitimate file transfer service called TransferXL. I actually received multiple copies of this email, as they had been scraping the internet for email addresses to distribute this attack to. The email looks like this:

Detonating the email took me to the legitimate TransferXL service, which prompted me to download the file:


Accessing the download retrieved a zip file with a fake remittance advice PDF inside:

Opening the PDF showed a fake invoice and a link (see below) to access the document:

Clicking on View Document took me to a malicious credential harvesting page, prompting for credentials.

Clicking on the Outlook button presented me with a form, which I populated with dummy data.

Upon clicking Submit, it presented me with a random PDF on wealth management, served from Google Drive.

As you can see, it's quite a simple process for an attacker to capture credentials from an unsuspecting victim.
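The reason this lure got through is that the notification mail itself is genuine: the file transfer service sent it, so sender reputation and authentication checks pass. What a mail triage step can still look at is the lure wrapped around the service link. The script below is an added example (not code from the original post): it parses an .eml message, pulls every link out of the body, and flags links that land on a file-transfer service, links whose visible text names a different host than the real destination, and finance wording in the subject. The host list, the lure-word list and the sample message are constructed for this example; in particular the "transferxl.com" host and sender address are assumptions about how the service sends notifications, and the mismatched second link is added purely to exercise the display/destination check.

```python
"""Triage helper for file-transfer-service phishing lures (added example)."""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: transferxl.com is the TransferXL host; the others are examples.
FILE_TRANSFER_HOSTS = {"transferxl.com", "wetransfer.com", "sendspace.com"}
# Words that turn a plain transfer notification into a finance lure.
LURE_WORDS = ("remittance", "invoice", "payment", "advice")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL without a leading 'www.', or '' if unparsable."""
    try:
        host = (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host


def extract_links(msg):
    """Return (href, text) pairs from the HTML part, or bare URLs from plain text."""
    part = msg.get_body(preferencelist=("html", "plain"))
    if part is None:
        return []
    content = part.get_content()
    if part.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(content)
        return collector.links
    return [(m.group(0), "") for m in URL_RE.finditer(content)]


def triage(raw_eml):
    """Return a list of findings for one raw RFC 822 message given as bytes."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for href, text in extract_links(msg):
        dest = host_of(href)
        if dest in FILE_TRANSFER_HOSTS:
            findings.append(f"file-transfer link: {href}")
        # Visible text that looks like a domain but differs from the destination.
        shown = host_of(text if "://" in text else "http://" + text)
        if DOMAIN_RE.match(shown) and shown != dest:
            findings.append(f"link text '{text}' but destination host {dest}")
    subject = str(msg["subject"] or "")
    if any(word in subject.lower() for word in LURE_WORDS):
        findings.append(f"finance lure in subject: '{subject}'")
    return findings


def build_sample():
    """Constructed lookalike of a transfer notification; not the real mail."""
    m = EmailMessage()
    m["From"] = "TransferXL <noreply@transferxl.com>"  # assumed sender address
    m["To"] = "victim@example.com"
    m["Subject"] = "Remittance Advice - files sent via TransferXL"
    m.set_content("Someone sent you a file.")
    m.add_alternative(
        "<p>Someone sent you <b>Remittance_Advice.zip</b>.</p>"
        '<p><a href="https://www.transferxl.com/download/abc123">Download</a></p>'
        '<p><a href="https://docs.evil.example/view">https://transferxl.com/docs</a></p>',
        subtype="html",
    )
    return m.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

On the constructed sample this reports the TransferXL download link, the link whose text claims transferxl.com while pointing at docs.evil.example, and the remittance wording in the subject. A benign notification from the same service would still raise the first finding, which is the point: the service link alone is not malicious, so a rule on it should route the mail to review rather than block it.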

Here are the domains/addresses the attackers have been using; as you can see below, they are using four suspicious domains/services.

Always stay vigilant for these types of fake invoices and file transfer notifications!

