Stay Safe: Phishing Moves to the Next Level – Meeting Invitations and File Transfer Links

A very unusual and alarming thing happened yesterday.

Remember, my original career was in technology. I’m very sensitive about online privacy, cybersecurity, and compromised data. We are so heavily dependent on online everything today that with one misstep, your bank account could be drained in the blink of an eye. And no, I’m not being hyperbolic. Please take this seriously.

Let’s take a look at what happened.

Bogus File Transfer Notification

Today, I received a new type of scam email – a WeTransfer from my email at DNAexplain to my email at DNAexplain. Yes, from me to me.

This file transfer is clearly NOT FROM ME and you may receive the same thing – from me or someone else.

If you do, ABSOLUTELY DO NOT DOWNLOAD THESE FILES TO YOUR SYSTEM!!!

Also, do not right-click to download photos or images in the email itself if you use Outlook or an email client on your desktop.

Delete the email immediately, then delete it from your trash folder. You want it to be removed entirely.

Whether you receive something like this from me or someone else, always CHECK  FIRST and be sure the sender actually did send you the files it says were sent. Don’t let your excitement overrule your sense of caution.

Clues

Your first clue, in this case, should be that the email was actually NOT SENT from WeTransfer.

Here’s what the email header looks like. Notice that the email didn’t actually originate with WeTransfer. Someone created an email that looks like the WeTransfer emails, but the actual sender isn’t WeTransfer. You can easily mouse over the sender to see who sent the email if it’s not displayed. However, remember, addresses can also be spoofed – so don’t let that alone reassure you.

Legitimate WeTransfer emails show noreply@wetransfer.com as the sender. Here’s an old one I happen to have.

Note that the name isn’t capitalized and the grammar isn’t correct. This is probably not a native English speaker, but with social media, we have become somewhat numb to grammar and misspellings. A legitimate business email is unlikely to contain these errors. I have many colleagues and friends who do not speak English as a native language and they don’t make these errors.

These emails try to excite people into clicking before thinking. One of the file names towards the bottom (not shown above) says “Payment Certificate,” which for a business is an enticement. I’ve seen other phishing scams that say things like “payment authorization,” “birthday party photos” and even “grandma’s photo.” As a genealogist, that could suck you right into their trap.

Malware

Malware, designed specifically to compromise your safety, is delivered through a variety of mediums including:

  • E-mails with either attachments or links. Don’t open and don’t click, NO MATTER WHAT unless you are actually expecting something from someone. And even then, verifying through a different communications avenue is smart. DO NOT reply to the questionable email asking if the sender sent it. For example, my friend sent me a phone text with a link. I asked him through Facebook messenger if he sent the link and what it is. I may or may not ever click on it, especially if he forwarded something he found elsewhere to me.
  • Text and messenger links including Facebook, Skype, Slack, and other tools. If someone says things like, “I bet this hero dog won’t get 10 shares,” absolutely DO NOT click, forward, copy or share. Someone is attempting to manipulate you using your own emotions and desire to do good things.
  • Facebook games. DO NOT PLAY!!! It doesn’t matter what your name means. It does matter that you’ve allowed that app access to your information where they can then harvest personal information that you share. For example, you may play other fun games with your friends, like the states you’ve visited or those 20 questions. Bad actors use that information for social engineering. Also, don’t accept friend requests from people you don’t know, and don’t make public posts that are literally visible to the entire world. Facecrooks writes about all kinds of Facebook scams on their Facebook page and on their website as well, including how to lock your account down.
  • Transfer programs or cloud links. Someone sends you a link to files or photos through a cloud-based link or transfer program, like WeTransfer or shared Google documents. If you were not expecting something like that from that particular person – don’t click. I’m verifying everything now since I received that dodgy transfer from myself. If you receive something unsolicited from me or anyone else, DO NOT CLICK ON THE LINK unless you have verified in some other way that the real sender actually sent that specific item.
  • Calendar invitations, like Zoom for example. I received a fake invitation today. Yes, scammers have also invaded those as well.

Meeting Invites

Given the uptick in Zoom and other electronic meetings, it’s not surprising that cyber-crooks have infiltrated that space with phishing too.

I never really thought about that until today. Yes, a second “new style” phishing attempt arrived today too. What is this – worldwide phishing day?

These attempts are becoming quite pervasive, which is why I’m warning you.

I received this meeting invitation. It looked “odd” to me. However, my first glance saw the title, Payment Discussion Meeting. That would get anyone’s attention – especially if they are owed money or contract with any business.

However, I also realized this looked “odd.” So instead of clicking, I evaluated the invitation.

Here is the list of alerting issues that the invitation is fraudulent.

  1. “Payment Discussion” is designed to immediately grab your attention and overpower any caution you might have.
  2. Calendar invites or requests are from a person, not a “calendar event.”
  3. Calendar invites show all of the people invited. This shows one person, me. But at the bottom, it says that 4 people have accepted. But 4 people weren’t invited. This is designed to encourage you to accept to see who else has already accepted.
  4. Note that this email is labeled as “external” meaning that it originated outside of the organization. This will vary by invite and group and may say that people are not in your contact list. The take-away is that it’s not “normal” for invitations that I receive.
  5. This is not the normal meeting icon for these types of meeting invitations. I compared it to a known legitimate meeting invitation.
  6. There is no meeting link. There is always a meeting link in that location.
  7. I have no idea who Otis is. This is another enticement and why some people might click.
  8. This is an invitation, but no meeting time is specified. That never happens. You get invited to a meeting at a particular time, not just in general.
  9. The two dates don’t match. One says the 12th and one says the 15th.
  10. There is no list of names of who else is invited and who declined or accepted. That’s always present in the meetings I’ve been invited to.

There’s one more item that raises suspicion too – can you spot it?

What’s Safe?

It’s very difficult to know what’s safe. Always start out assuming everything isn’t. Yes, I know that’s not how people are wired – but it’s time to shift your perspective.

I highly recommend KnowBe4 – at this link. Many corporations use KnowBe4 for training and they offer free tools.

They also have an educational blog and offer free webinars.

Another good resource is Krebsonsecurity.com.

Please note that these are NOT affiliate links – just products and companies that I know are safe and work. Be careful when googling about security and stay with known current sites like PC Magazine’s security suite evaluation, for example. If you click on the wrong “security advice” link, that could be bogus too.

Your Safety Depends on Your Behavior

The bottom line is that your safety depends on your own vigilance and suspicion. Start out suspicious of everything and move from suspicious to reassured – not the other way around. Create an evaluation routine or checklist for yourself so you don’t stray from the safe path.

  • When possible, especially for all money-related accounts, enable two-factor authentication where the vendor texts or emails you a code to enter in addition to your password. Yes, it’s a pain, but the results of not using two-factor authentication are more painful.
  • If it sounds too good to be true, it probably is. Full stop!
  • If the topic or email arouses excitement, curiosity, sympathy, or anxiety, that’s probably by design and may signal that the sender is trying to manipulate your behavior through your emotions.
  • Always, ALWAYS mouse over links before clicking.
  • Verify. Verify. Verify. It’s easy to verify in advance but you cannot put the money back in your bank account once it’s gone. These fake websites look for all the world exactly like the real ones and you’re entering your user ID and password – giving them directly to criminals.
  • Use Antivirus software and VPNs like Norton, McAfee, BitDefender, or similar mainstream, well-known products to improve your online safety. Remember that they can’t always save you if you engage in risky behaviors and click on things that you shouldn’t.

Various products intercept some viruses and malware, but criminals are always cooking up something new.

Convincing you to do something unsafe through social engineering, like provide your account and password information is not something that security software can protect you from. I receive multiple emails daily informing me that I need to update my email password and account. Yea, right – and I’ve won the lottery too, a Nigerian prince is leaving me money and the IRS is going to arrest me unless I buy them Apple gift cards immediately. (Huge eye roll!)

Even the best software tools cannot protect you from yourself if you reveal information you shouldn’t through social media or social engineering manipulation. This is exactly what happened and continues to happen with the recent ransomware attacks. All it takes is one person that lets their guard down and the bad guys are in the door.

Novel phishing attempts are becoming much more prevalent. These crooks are very intelligent.

Don’t let this happen to you. Educate yourself. Protect yourself. You are your first and last line of defense.

You’re welcome!

_____________________________________________________________

Disclosure

I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Products and Services

Books

Genealogy Research

4 thoughts on “Stay Safe: Phishing Moves to the Next Level – Meeting Invitations and File Transfer Links

  1. Roberta: Great article, I just hope your readers checkout the links you supplied. I started working on Computers in 1973, when memory cores were real wire cores and the largest memory core you could buy was “32 MB”! My how times have changed! Keep up the good work from a newbie genealogist!

  2. I would have been alerted by the language: “I prepare the last one and send it to print.” Not only sloppy English but makes no sense in any context for this “meeting.” Also, “you receive some file from …”

  3. excellent article. one small comment – i almost never capitalize any word, names, etc. unless the intent would not be clear. i can only type with one hand, and going back to add caps takes an inordinate amount of time. i hope people do not suspect me of malicious intent.

Leave a Reply to gigi656971 Cancel reply