Phishing campaign targets Wise users (August 2024)

Sicherheit (Pexels, allgemeine Nutzung)[German]Brief information for Wise account holders, which I'm posting here on the blog as a precaution. There seems to be a phishing campaign targeting Wise users at the moment. I've noticed that my SPAM folder has been flooded with corresponding emails over the last few days. I'll briefly address the issue below.


Advertising

Who or what is Wise?

Wise, previously known as TransferWise, is a financial technology company focused on global money transfers. Headquartered in London, it was founded by Kristo Käärmann and Taavet Hinrikus in January 2011.

The fintech company is now listed on the stock exchange and started with a valuation of 7.95 billion pounds. So it's no longer a garage company and is of interest to phishers. But I don't have an account with them myself – I was sure of that.

Phishing campaign targets Wise users

Every day, my e-mail provider sorts out a considerable number of SPAM messages in my mailbox as SPAM. In addition to the constant warnings that my (non-existent) McAfee antivirus package had expired, I suddenly noticed emails about a Wise account in the daily SPAM notification.

Wise-Phishing-Mails

I then looked at this mail (written in German) directly online in the SPAM folder of my mailbox – I couldn't find anything immediately conspicuous.


Advertising

Wise Phishing-Mail

It says that Wise is security focused, and to protect the account and transaction, a security update is necessary. The user should log into the account linked within the mail. For me, it was obviously a phishing attempt. And it was classified as SPAM from my provider.

Virustotal doesn't report anything …

I then had the target link checked by Virustotal to find out whether anything was already known there. Unfortunately, the result was as expected – Virustotal does not consider the link to be malicious.

Wise Phishing-Link auf Virustotal

Either the campaign is still too fresh, or the phishers have set up the page in such a way that Virustotal is intercepted and its scanner does not recognize the link target as phishing.


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).