Egnyte, WeTransfer spoofed in a phishing email containing link to ‘important’ legal document

Posted by Akankasha Dewan on 18 February 2019 17:26:32 AEDT

Confidential business documents such as contracts, legal documents and finance records are commonly passed on from one recipient to another via email. But how can you tell if links to such important documents are safe to click when they appear in your inbox?

That question became all the more pertinent when MailGuard detected a new phishing email scam infiltrating inboxes around late morning today (AEST). Using a display name of a compromised user, the email appears to be ‘generated by Egnyte’ and is sent via the software company’s domain.

The message body advises the recipient that the sender has shared a file with them, titled ‘UNSW Law Investment Document (Important)’. A link is provided to view the file, which is in PDF format. Here is a screenshot of the email:

Egnyte Social Image

Unsuspecting recipients who click on the link to open the document are led to what appears to be a authentic-looking WeTransfer email for sharing a file. A link is present to "view folder."

Wetransfer Egnyte

Clicking on the ‘view folder’ link leads recipients to an Office 365 phishing page, as per the screenshot below:

O365 egnyte

As you can see from all of the screenshots above, cybercriminals have utilized high quality graphical elements when spoofing all 3 brands: Egnyte, WeTransfer and Office 365. Their logos and branding have been incorporated with great care to make the email look as legitimate as possible, including tiny details such as copyright statements from WeTransfer at the end of page. Having convinced recipients that the email is actually from established brands, cybercriminals exploit the trusted reputation of the 3 companies to trick the companies’ immensely large customer bases into divulging their confidential data.

 This scam is also well-executed because of the nature of the document it purports to provide access to for the recipient. By stating the fact that it is an ‘important’ legal document, the email leverages on the curiosity of recipients, who may be interested to explore the confidential, intriguing nature of the document and click on it without too much hesitation.  

MailGuard urges all email users to be vigilant when clicking on any links in emails, no matter how important they may seem to be.

What is "phishing?"

Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain. 

 Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

 A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services. 

Take Action to Defend Your Business

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; take action to protect your business and your staff from financial and reputational damage, now.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime office365

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all