Daniel McShanag 30 July 2020 18:41:33 AEST 3 MIN READ

Caution: Cybercriminals are using compromised Dropbox accounts to scam email users

Dropbox is once again the subject of a new phishing campaign.

In the midst of the current COVID-19 pandemic, file sharing platforms like Dropbox are as popular as ever as employees working remotely share confidential business documents with one another via email. With millions of users, these platforms are an attractive target for cybercriminals intent on harvesting sensitive credentials from unsuspecting users.

Today, MailGuard has intercepted several variants of scams that are sent from compromised Dropbox accounts. One example includes a PDF file which purports to be a ‘Project Proposal,’ featured below.

DropboxScam_300720_1

Another example simply invites the recipient to ‘View’ the PDF file.

DropboxScam_300720_2

MailGuard expects these PDF files will most likely contain links to external phishing sites, seeking to harvest user credentials.  

Scams that are initiated from compromised file sharing accounts like Dropbox are particularly dangerous, for a number of reasons:

  • The emails are sent from a legitimate account, so they are not likely to be blocked by email security services,
  • The recipients are more receptive to the emails because they are from a legitimate service, and especially where the sender is known to them, and
  • Because they may deliver a malicious payload, or simply a PDF file like these examples, directing users to external phishing pages to harvest credentials.

Cybercriminals frequently exploit the branding of global companies like Dropbox in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target. Since the Dropbox service requires users to click a link to view, edit or download files, they are a convenient trojan horse for malicious attacks like this one and may not raise any alarm bells.

The Australian Cyber Security Centre also identified Dropbox as a vector for a cyber-attack that is targeting Australian public and private sector organisations. Prime Minister Scott Morrison revealed in a briefing last month that the cyber-intrusion was conducted by "a sophisticated state-based cyber actor".

We encourage all users to exercise caution when opening messages from Dropbox, and to be extra vigilant against this kind of cyber-attack. If you are not expecting a file from the sender, do not open the email, download files or click through on the links. Check with the sender first, even if they are known to you.

Dropbox provide further information on their website https://help.dropbox.com/accounts-billing/security/phishing-virus-protection for users to report suspicious activity. The site asks users to “Report any suspicious items that appear to be from Dropbox by sending an email to abuse@dropbox.com.”


Don't get scammed

If your company’s email accounts aren’t protected, emails like these are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates