Phishing Alert: "Received AWB Documents via WeTransfer"

The Division of Information Technology( DOIT) recently received reports of a ‘file transfer’ phishing campaign. Below is an example of this phishing email. We removed the To field for privacy purposes.

This example originated from <offices@mekre-net.uno>; however, there are several more senders: 

• <noreply@wetransfer.com>

• <revor@secaipl.club>

• <pombhurna.de@mahapwd.com>

If you receive a similar email, please forward it immediately to: security@umbc.edu along with the headers.

At first glance, the download link seems to originate from Wetransfer.com, however if you look closely, there is a comma between Wetransfer and com: 

Another flaw in the link is that copying the link address will take you to a completely different domain, https://firebasestorage.googleapis.com. Below is the full link and its website.

This format is similar to a previous phishing email. However, the background is different, and the link takes you directly to https://firebasestorage.googleapis.com and asks you to log in.

If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE your password.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.