Using bulk transfer as a mode of phishing

Attackers can also utilize bulk file transfer software such as Send, Smash, Hightail, Terashare, WeTransfer, SendSpace, and DropSend.

Let's take a simple scenario: assume we have two victims, ceo and vijay. Attackers can simply send files between these two victims, visiting one of the bulk transfer website [email protected] as sender and [email protected] as receiver. Once the file is uploaded, both parties will receive the emails with the file link; in this case, [email protected] will receive an email stating your file is sent successfully, and [email protected] will receive something similar, as shown in the following screenshot. Sometimes, these bulk transfers are not on the blocked list in a corporate environment (if one is blocked, attackers can switch to another), so providing direct access to internal staff and creating an effective message and undetectable payload will provide a better success rate, without revealing the identity of the attackers:

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
35.175.201.245