In the midst of the ongoing COVID-19 pandemic, file sharing platforms like Dropbox are as popular as ever among employees working remotely. It should come as no surprise that Dropbox continues to be a favourite among cybercriminals.
MailGuard has intercepted another scam email sent from a compromised Dropbox account. The email informs recipients they have received a P.O. in the form of a .PDF file.
Here’s what it looks like:
At the time of writing, the file has been removed by Dropbox and the link is currently leading to a 404 Error page.
This email scam is similar to the one we intercepted about a month ago, which used compromised Dropbox accounts to send emails containing phishing links.
While common, scams that are initiated from compromised file sharing accounts like Dropbox are particularly dangerous, for a number of reasons:
- The emails are sent from a legitimate account, so they are not likely to be blocked by email security services,
- The recipients are more receptive to the emails because they come from a legitimate service, especially where the sender is known to them, and
- They may deliver a malicious payload (or simply a .PDF file, as in the above example) and may direct users to external phishing pages that harvest credentials.
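The three points above describe what an inbound mail filter can still inspect even when the sending account is genuine: the notification arrives from real infrastructure and carries real branding, but the link that matters ultimately leaves the file-sharing service for a credential-harvesting page. The script below is an added illustration written for this post, not MailGuard's product and not Dropbox's own code. It parses a constructed share-notification email, pulls every link out of the HTML body, and flags links whose host is outside the Dropbox domains, with a stronger alert when Dropbox-branded link text points somewhere else. The trusted-domain list, the sample messages and the sender addresses in them are assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains a genuine Dropbox share link is expected to stay on.
TRUSTED_DOMAINS = {"dropbox.com", "dropboxusercontent.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable-domain reduction (last two labels); enough for these hosts."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyse(raw):
    """Return sender, all links and any alerts for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    extractor = LinkExtractor()
    extractor.feed(content)
    sender = msg["from"].addresses[0].addr_spec if msg["from"] else ""

    alerts = []
    for href, text in extractor.links:
        host = urlparse(href).hostname or ""
        if registrable(host) in TRUSTED_DOMAINS:
            continue  # link stays on the file-sharing service itself
        reason = "link leaves Dropbox for an external host"
        if "dropbox" in text.lower():
            # Branded text on an off-service link is the classic credential-harvest pattern.
            reason = "Dropbox-branded link text points to an external host"
        alerts.append({"href": href, "text": text, "reason": reason})
    return {"sender": sender, "links": extractor.links, "alerts": alerts}


# Constructed sample: notification whose second link leaves the service.
SUSPICIOUS_EMAIL = """\
From: Alice Example via Dropbox <no-reply@dropbox.example>
To: finance@victim.example
Subject: Alice shared "PO-4471.pdf" with you
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Alice Example shared a file with you.</p>
<p><a href="https://www.dropbox.com/s/CONSTRUCTED/PO-4471.pdf">PO-4471.pdf</a></p>
<p><a href="https://secure-docs-login.example/verify">Sign in to Dropbox to view</a></p>
</body></html>
"""

# Constructed sample: every link stays on the service, so nothing is flagged.
CLEAN_EMAIL = """\
From: Bob Example via Dropbox <no-reply@dropbox.example>
To: finance@victim.example
Subject: Bob shared "invoice.pdf" with you
Content-Type: text/html; charset="utf-8"

<html><body>
<p><a href="https://www.dropbox.com/s/CONSTRUCTED/invoice.pdf">invoice.pdf</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_EMAIL), ("clean", CLEAN_EMAIL)):
        result = analyse(sample)
        print(name, result["sender"], len(result["links"]), "links")
        for alert in result["alerts"]:
            print("  ALERT:", alert["reason"], "->", alert["href"])
```

The check deliberately ignores who sent the message, because in this scam the sender is a real Dropbox account; what it keys on instead is where the user would land after clicking, which the compromised account cannot make look trustworthy.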
Cybercriminals frequently exploit the branding of global companies like Dropbox in their scams, because a good reputation lulls victims into a false sense of security, and such a large user base makes them an easy and attractive target. Since the Dropbox service requires users to click a link to view, edit or download files, its notifications are a convenient trojan horse for malicious attacks like this one.
Scams like these have a high likelihood of successfully tricking users, especially in the current climate. As mentioned above, with workforces becoming more remote in light of COVID-19, it is common for employees to use cloud file-sharing platforms like Dropbox when sharing confidential business documents with one another. Therefore, notifications like the above aren't likely to raise any alarm bells when they appear in an inbox, motivating users to click on the provided links without a second thought.
The Australian Cyber Security Centre also identified Dropbox as a vector for a cyber-attack that is targeting Australian public and private sector organisations. Prime Minister Scott Morrison revealed in a briefing earlier this year that the cyber-intrusion was conducted by "a sophisticated state-based cyber actor".
We encourage all users to exercise caution when opening messages from Dropbox, and to be extra vigilant against this kind of cyber-attack. If you are not expecting a file from the sender, do not open the email, download files or click through on the links. Check with the sender first, even if they are known to you.
If you’re unsure whether the email you have received is a legitimate notification from Dropbox, forward it to email@example.com. The company also shares more information about staying protected from fraudulent emails on its support page.
Don't get scammed
If your company’s email accounts aren’t protected, emails like these are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.