Using bulk transfer as phishing to deliver payloads
Attackers can also utilize bulk file transfer software, such as Smash, Hightail, Terashare, WeTransfer, SendSpace, and DropSend. Let’s take a simple scenario: assume we have targeted two people, a finance administrator and a CEO. Attackers can simply send files between these two victims, visiting one of the bulk transfer websites, such as sendspace.com
, and upload a malicious file, while setting the sender as [email protected]
, and [email protected]
as the receiver. Once the file is uploaded, both parties will receive the emails with the file link; in this case, [email protected]
will receive an email stating that the file was sent successfully, and [email protected]
will receive something similar, as shown in Figure 5.39:
Figure 5.39: Sendspace bulk transfer emails
Most of the time, these bulk transfers are not on the blocked list in a corporate environment (if one is blocked, attackers...