Akankasha Dewan 04 July 2019 16:07:56 AEST 3 MIN READ

Caution: 'Purchase order' email contains malicious link

MailGuard has intercepted a new email scam purporting to be from Dropbox.

First detected on Wednesday morning (AEST), the 3rd of July 219, the malicious email appears to be sent via a single compromised domain. It appears as if auto-generated from Dropbox, having incorporated the company’s logo in the email.

The body of the email message informs recipients that a new purchase order has been shared with them and includes a purchase order reference number. Recipients are advised to include this number “in all correspondence in relation to this order”. A link is included to view the purchase order.

Here is a screenshot of the email:

Dropbox scam social edited

Unsuspecting recipients who click on the button to ‘view file’ are led to a blank page that is not associated with Dropbox and is highly suspicious. It also contains an error message, as per the below:

dropbox broken link (2)

While no malicious content was displayed at the time MailGuard intercepted the email, recipients are advised that malicious third-parties can use these links as a platform for future attacks, possibly a phishing one.

MailGuard advises all recipients to delete these emails as soon as possible.

While it is still unclear that the malicious email, is, in fact, a phishing attack, it contains several typical elements of a phishing email:

  • use of a major brand name to inspire false trust; the incorporation of the Dropbox logo & colour scheme boosts the credibility of the email,
  • the inclusion of the purchase order reference number; this is typically expected of a well-established file-sharing platform such as Dropbox,
  • and attempt to intrigue; telling the recipient that someone has shared an unexpected file creates a sense of curiosity, motivating the recipient to click on the malicious link

As a well known and trusted company, Dropbox’s trademark is regularly used by cybercriminals as camouflage for their phishing attacks. In addition, the nature of the file delivery platform itself makes it easier to deliver malicious files.

Scammers often copy the Dropbox logo onto their emails to lend authenticity to their scams, a practice known as ‘brandjacking’.

Check out Dropbox’s information on how to protect your Dropbox account from phishing and malware.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates