An email with a file, a “Download” button — and then social engineering kicks in.
Kaspersky Lab experts have warned of phishing attacks leveraging the legitimate file-sharing service GetShared. The incident came to light after a former company employee received a suspicious notification from the service. The email included a link to an archive named DESIGN LOGO.rar, accompanied by a message that claimed to be a business inquiry about prices, delivery times, and payment terms.
The recipient refrained from clicking the link and forwarded the message to cybersecurity specialists. Analysis confirmed that the notification was indeed sent via GetShared, a platform increasingly used by cybercriminals to bypass email filters. GetShared emails look like standard notifications: they include the file name, a short message, and a button to access the file. This allows attackers to disguise their phishing attempts as legitimate document exchanges.
According to experts, cybercriminals often rely on legitimate platforms to bypass spam filters and security gateways. Services like Google Calendar, Dropbox, and others are frequently abused for this purpose. As major platforms strengthen their filters and registration policies, attackers seek new loopholes — and GetShared has now caught their attention.
The main goal of such emails is to lure the recipient into communication. Even if the attached file is not infected, cybercriminals hope to initiate a dialogue and later exploit social engineering techniques. In some cases, the link leads to a malicious file; in others, to a phishing page or an executable attachment.
In the case of the email sent to the former employee, the mismatch between the archive name and the message content raised suspicions. The text referred to goods and pricing, while the file name suggested a design project. Additionally, the sender’s domain appeared dubious — a quick search revealed links to fraudulent activity.
Experts stress that receiving a file-sharing service notification without any prior business conversation is already a red flag. No major client would initiate file exchanges through a third-party service without previous arrangements.
