"Transfer.it" Phishing Attack

7/8/2025 11:30am:

We received a large number of phishing emails today, mostly targeted at executives, from the file sharing service "transfer.it".  This service allows anyone to anonymously upload any files to create a sharing link, and optionally supply an email address for that link to be sent to.  You don't have to verify your identity to upload a file, and you don't have to verify that you own the email address you provide. 

We have put a near-real-time rule in place to route any email from noreply@transfer.it to the recipient's junk mail, and we have gone back and moved all existing messages from today to Junk.

Here is how the attack works:

1. Bad actor uploads malware to the site.
2. Bad actor says their email address is "some-very-important-person@wwu.edu."
3. VIP receives email notification from noreply@transfer.it saying that their file has been transferred and is ready to be downloaded or shared, with a download link included in the email.
4. VIP clicks the link and downloads the malware.