Internet Security Fundamentals - Online Edition

38 File Transfer Services

While the speed of our internet connections has greatly increased over the years, the size of attachments that many email systems will accept is still quite small compared to the size of the files we can now generate. Gmail has an attachment size limit of 25Mb, while Office 365 ranges from 150Mb to 25Mb depending on how you access it. It doesn’t matter how large an email you can send, though, if the receiver’s email system cannot accept it, and even today I encounter businesses with 10Mb file attachment limits.

 

To address this issue, cloud services have appeared where you upload the file you want to send, and a download link is sent to the recipient via email. These systems include (but are not limited to) Google Drive, Microsoft OneDrive, Dropbox, Box, Hightail (formerly youSENDit) and WeTransfer, which offer up to 20GB file transfers. Criminals often send emails masquerading as legitimate file transfers from these systems, because there is nothing malicious in the actual email itself, so it passes straight through a lot of email filters.

 

Below is an example of a fake Google Docs shared file I received and a real one.

The second one is the real one, though it is hard to tell at first glance. It is possible to make a fake file sharing email look exactly like a real one, and only by checking where the link is going would you be alerted to the fact it is fake. In general, it is a good idea to treat all file sharing emails with suspicion, especially if you were not expecting it or anything looks even slightly odd. Hover over any links, because what’s written and where they actually go may not match. If you are not sure, carefully copy the link and paste it into a safe link checking website like https://www.virustotal.com and select the URL option.

 

Genuine links start like this:

Google Drive https://drive.google.com/a/...................
Google Docs https://docs.google.com/a/...................
Microsoft OneDrive https://onedrive.live.com/...................
Box https://app.box.com/s/...................
Dropbox https://www.dropbox.com/s/...................
Hightail https://www.hightail.com/download/...................
WeTransfer https://www.wetransfer.com/downloads/...................

A fake link will either download a malicious file onto your computer that you then have to open, or will take you to a website that hosts an exploit kit that will try to automatically compromise your computer. You may also receive the file that was originally promised as well, so as not to arouse suspicion. Also, be wary of any download links claiming to be from Microsoft or Google that then ask you for your email and password to that email service in order to access the shared file. The same applies to cloud storage services like Dropbox and Box: if anything unexpected asks you to sign in, stop and assume it’s fake until you have verified the link address. Remember, looks can be deceiving, like this fake Dropbox email.

Things get trickier when it comes to corporate email, as there are no standard domain names for the links: the company web domain could be used, or any of a host of different service providers that people may never have heard of but that are actually genuine. Once again, if you receive an email from a company with a document link you weren’t expecting, just because it looks real doesn’t mean it is. If you are ever asked to log in using your Microsoft credentials to access a document, chances are it’s fake.

Recently criminals have started using links from legitimate transfer services (albeit free tiers) like Box and WeTransfer to hold PDF and HTML files that contain another malicious link, often to a fake login website to phish you. These tend to pass through email filters, as the link is not fake and the destination file cannot be scanned by email security systems. The warning sign here is the size of the file being transferred or the file type. There is no real reason to use a large file transfer service for a tiny file, as in this example of a 280 Bytes (0.00028 MB) HTML file.

Criminals can also register web domains that seem perfectly valid like this fake OneDrive website at office365securedocument.co.uk. Just because it looks plausible, it doesn’t mean it is.
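The link check described in this chapter (compare where each link really goes against the genuine link prefixes listed earlier, not what its text says) can be automated for an HTML email body. This is an added example, not part of the book; the sample body and the files.example.test host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Genuine link prefixes as listed on this page: host -> required path prefix.
GENUINE = {
    "drive.google.com": "/a/", "docs.google.com": "/a/",
    "onedrive.live.com": "/", "app.box.com": "/s/", "www.dropbox.com": "/s/",
    "www.hightail.com": "/download/", "www.wetransfer.com": "/downloads/",
}
# Constructed sample email body (not a real message).
SAMPLE = ('<a href="https://office365securedocument.co.uk/view">'
          'https://onedrive.live.com/view</a> '
          '<a href="https://app.box.com/s/abc123">Open file</a> '
          '<a href="https://www.dropbox.com@files.example.test/s/x">Dropbox</a>')

def check_link(href):
    """Return (verdict, reason) for the address a link really goes to."""
    try:
        u = urlsplit(href.strip())
    except ValueError:
        return "suspicious", "malformed URL"
    host = (u.hostname or "").lower().rstrip(".")
    # Text before "@" is not the host: https://a.com@b.test/ goes to b.test.
    if u.scheme != "https" or u.username is not None:
        return "suspicious", "not a plain https link, real host: " + host
    prefix = GENUINE.get(host)  # exact host match, so lookalikes fail
    if prefix is None or not u.path.startswith(prefix):
        return "suspicious", host + " does not match a listed genuine link"
    return "matches", host

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email(html):
    """Return (visible text, href, verdict, reason) for each <a> in the body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(t, h) + check_link(h) for t, h in collector.links]
```

A "matches" verdict only says the link goes to one of the listed services; as noted above, a tiny HTML or PDF file hosted on a legitimate service can still carry a phishing link.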
