Dropbox Scam: New Phishing Attack

Posted by Richard Price on 04 March 2016 15:22:27 AEDT

A new Dropbox phishing scam emerged last night, with cyber criminals trying to hack the recipient’s email account by harvesting credentials from a fake Dropbox form.

The scam invites users to login to view a file on the online sharing platform Dropbox. MailGuards cloud email filtering technology first detected and blocked this threat as it emerged late yesterday.

A sample of the email you should look out for is shown below:

dropbox-scam-another-phishing-attempt.jpg

The Dropbox scam appears from a named sender, who is likely to be known by the recipient.

The senders email account has been hacked into by the cyber-criminal: they are likely to have received the same Dropbox phishing scam recently and surrendered access to their email account, allowing the criminal to distribute the scam to the range of contacts in their address book.

By doing so, recipients are more likely to trust the emails content, being from a known friend or acquaintance.

Having clicked to view the file the recipient is then directed to a fake Dropbox landing page, where they are encouraged to sign in using one of several email providers, including Microsoft Outlook, Yahoo and Gmail.

dropbox-scam-another-phishing-attempt-two.jpg

dropbox-scam-another-phishing-attempt-three.jpg

Once the target enters their details, they are then directed to a document hosted in Google Docs which is clearly a separate sharing platform to Dropbox, and an indication that this isn't a legitimate process.

dropbox-scam-another-phishing-attempt-four.jpg

This fools unsuspecting recipients into thinking the scam is legitimate. However, youll notice the blue “Sign inbutton on the right hand side of the screen, confirming that the previous screen was actually a dummy page, used to steal their credentials.

The scammers now have access to the recipients email username and password which theyll use to distribute this and other scams further, while gaining access to all information and data within their account.

This scam is very similar to another Dropbox scam we reported last month. Through minor modifications in their approach, cyber criminals are often able to develop new threat variants which bypass existing security solutions.

As MailGuard operates in the cloud, our email-filtering technology is able to block these threats immediately upon detection, in real-time.

If youre experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email expert@mailguard.com.au.

For more tips on how to identify phishing emails like this Dropbox scam, you can read our article here.

Keep up-to-date on the latest email scams by subscribing to MailGuards weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Spam Phishing Email Security dropbox

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all