Update: Cyber criminals have created new versions of the malicious "WeTransfer" email message, please view them in the comment section below.
The Fake WeTransfer Email Message
Subject: Someone has sent you a file via WeTransfer
From: WeTransfer (firstname.lastname@example.org)
You have received a new file.
Files (28 MB total)
Will be deleted on
12 October, 2015
Get more out of WeTransfer, get Plus
WeTransfer Contact Legal Powered by Amazon Web Services
The links in the fake email message do not go to the legitimate WeTransfer website located at https://www.wetransfer.com, instead, the links go to a compromised or hacked website.
The Compromised or Hacked Website
Once on the compromised website, the potential victims will be asked to sign-in with their Outlook, Hotmail, Gmail, Yahoo, AOL or other email accounts. Once the victims have entered their information in an attempt to sign-in, their email account's username and password will be sent to the cyber-criminals or scammers behind the scam. With the victims’ credentials or sign-in information, the cyber-criminals will gain access to their email accounts and use them fraudulently.
Therefore, the recipients of email messages, which appear as if they were sent by WeTransfer, claiming that they have received a new file, should ensure that when they click on any of the links in the email message, they are taken to https://www.wetransfer.com. If they are taken to any other websites, they should close the web browser window and delete the email message.
Recipients of the fake WeTransfer email message who clicked on one of the links in the fake email message and who attempted to sign into the fake website are asked to change their email accounts password immediately, before the cyber-criminals use their stolen credentials to lock them out of their accounts, by changing their passwords.