Hackers Exploit GetShared to Slip Malware Past Security Defenses

In the ever-evolving landscape of email-based threats, cybercriminals are constantly searching for new vectors to evade detection.

Recent reports indicate that the legitimate file-sharing platform GetShared has become a favored tool among scammers for distributing phishing messages and malicious payloads, effectively bypassing traditional email security gateways.

The attack typically begins with the target receiving an authentic notification email directly from GetShared, alerting them to a newly shared file.

These messages are nearly indistinguishable from regular service notifications, including accurate branding and a genuine file-sharing link.

In one observed case, the file was labeled as “DESIGN LOGO.rar,” a plausible filename designed to arouse curiosity or encourage action.

Accompanying such notifications is a classic phishing tactic: attackers pose as potential clients making inquiries about the contents of an attached file, often referencing product prices, delivery times, or payment details.

According to a Kaspersky report, this social engineering ploy leverages business etiquette, lending an air of legitimacy while masking malicious intent.

Why Cybercriminals Turn to Legitimate Services

The rationale behind such tactics is clear. Today’s email security systems reliably detect and block the overwhelming majority of direct phishing attempts, malicious attachments, and scam emails at the gateway level.

[Image: Sample scam email sent as a GetShared notification]

By leveraging platforms like GetShared, which are primarily designed to facilitate large file transfers, attackers can exploit the inherent trust placed in legitimate services.

While industry giants such as Google and Dropbox have continually strengthened their anti-abuse mechanisms, lesser-known platforms like GetShared present a fresh attack surface with potentially fewer safeguards in place.

Security analysts urge caution, noting that genuine business requests involving sensitive file transfers are seldom initiated via impersonal third-party services without prior discussion.

Best practices dictate that clients and suppliers should coordinate securely over traditional email before resorting to external links.

Alarm bells should ring if:

  • The file type or name does not correlate with the context of the message, such as a design file attached to a query about an order.
  • The sender’s address, though appearing in a formal notification, does not correspond with a known business domain or fails a basic authenticity check.
  • The accompanying message contains vague or mismatched details that don’t align with the purported attachment.
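
The three warning signs above can be turned into a first-pass triage check for file-sharing notifications. The sketch below is an added example, not code from Kaspersky or from this article; the header layout (uploader address in Reply-To, file name quoted in the body), the domain allowlist, the keyword lists and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not GetShared's documented format): the uploader's address is in
# Reply-To, and the notification body quotes the file name and the uploader's note.
KNOWN_DOMAINS = {"supplier.example"}  # hypothetical: domains you already deal with
TOPICS = {  # topic -> words that signal it, in a note or in a file name
    "order": ("price", "delivery", "payment", "order", "quote", "invoice"),
    "design": ("logo", "design", "artwork", "mockup"),
}

def topics(text):
    text = text.lower()
    return {t for t, words in TOPICS.items() if any(w in text for w in words)}

def triage(raw):
    """Return the warning signs found in one file-sharing notification."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = re.search(r'"([^"\n]+\.[A-Za-z0-9]{2,4})"', body)
    fname = found.group(1) if found else ""
    note = body.replace(fname, "")  # judge the note without the file name itself
    domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    signs = []
    # Sign 1: the file name and the note talk about different things.
    if topics(fname) and topics(note) and not (topics(fname) & topics(note)):
        signs.append("file name does not match message context")
    # Sign 2: the uploader is not a domain the business already works with.
    if domain not in KNOWN_DOMAINS:
        signs.append("sender domain unknown: " + (domain or "none"))
    # Sign 3 (crude proxy for vagueness): an order-type inquiry with no digits,
    # so no order number, quantity, amount or date.
    if "order" in topics(note) and not re.search(r"\d", note):
        signs.append("inquiry names no concrete order details")
    return signs

# Constructed sample modelled on the case described above; not a captured email.
SAMPLE = '''From: notifications@filesharing.example
Reply-To: "New Client" <buyer@unknown-trader.example>
Subject: A file has been shared with you

File: "DESIGN LOGO.rar"
Message: Please check the attached file and send your best price, delivery
time and payment terms.
'''

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A message that trips any of these signs is a candidate for manual verification with the supposed sender, not an automatic verdict.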

In the cases observed, the phishing campaign used GetShared to distribute not malware directly, but rather a text file containing an invitation to engage with the attackers.

From there, the perpetrators sought to draw victims into extended social engineering attacks, with the goal of harvesting sensitive credentials or persuading targets to download further malicious content.

As attackers continue to weaponize trusted file-sharing platforms, the onus is increasingly on end-users and businesses to recognize the signs of a potential scam.

Security experts recommend verifying suspicious notifications, scrutinizing sender addresses and file names, and, most importantly, avoiding clicking unknown links or downloading files from unsolicited emails.

The rise of GetShared as an attack vector underscores the necessity for continual vigilance, even when a message appears to originate from a trusted service.


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
