A new case of abuse of the Internet page WeTransfer used for free Internet database transfer up to 2GB was detected yesterday. This phishing campaign uses an illegal ascmgpr[.]ir domain posing as WeTransfer website.
Since the ascmgpr[.]ir domain is still active, caution is advised to the users of Internet, to pay attention to all e-mails sent by WeTransfer. Since the contaminated mail looks different than the regular one, the National CERT advises all users to check if the link downloading the content is legitimate and whether or not it leads to wetransfer.com domain, before opening it. This can be done by placing the mouse on the Download link without clicking, which then reveals the address of redirection (see picture below). If the domain is not wetransfer.com, the content is not safe for downloading.
It is also possible that the users receive similar messages from info@cert.rs e-mail address. Such e-mails should not be opened.
For more, please visit: https://wetransfer.zendesk.com/hc/en-us/articles/208554176-Phishing-attempts-and-weird-WeTransfer-imitations.