MailGuard 13 October 2017 13:36:21 AEDT

Watch out for new Dropbox and MailChimp Scams

Be wary of opening emails claiming to be from Dropbox. This week MailGuard intercepted a scam targeting inboxes and masquerading as Dropbox. To avoid detection by email content scanners, the cybercriminals behind this attack have obfuscated the brand by writing ‘Dropbox’ with non-Latin characters.


Image: Screengrab of Dropbox phishing email received today
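
A content scanner can counter this kind of brand obfuscation by folding look-alike characters back to Latin before matching brand names. The sketch below is an added example, not MailGuard's detection logic; the brand watchlist, the small look-alike table and the sample subject line are constructed assumptions, since the exact characters used in this campaign are not given here.

```python
import re
import unicodedata

# Assumed watchlist of brand names to protect (lower-case).
BRANDS = ("dropbox", "mailchimp")

# Small constructed subset of Cyrillic/Greek look-alikes mapped to Latin.
# A production filter would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0501": "d", "\u03bf": "o", "\u03c1": "p",
}


def scripts(token):
    """Scripts present in a token, taken from each letter's Unicode name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in token if ch.isalpha()})


def skeleton(token):
    """Fold compatibility forms and case, then map look-alikes to Latin."""
    folded = unicodedata.normalize("NFKC", token).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def find_spoofed_brands(text, brands=BRANDS):
    """Return (token, brand, scripts) for disguised brand names in text."""
    hits = []
    for token in re.findall(r"\w+", text):
        if token.isascii():
            continue  # plain Latin spelling: ordinary keyword rules handle it
        skel = skeleton(token)
        hits.extend((token, b, scripts(token)) for b in brands if b in skel)
    return hits


# Constructed sample subject: both "o" characters are Cyrillic U+043E.
SAMPLE = "Dr\u043epb\u043ex: a document has been shared with you"

if __name__ == "__main__":
    for token, brand, found in find_spoofed_brands(SAMPLE):
        print(f"{token!r} imitates {brand!r} using scripts {found}")
```

A token that mixes scripts, or that only matches a brand after folding, is a strong signal on its own, because legitimate senders spell their own brand in plain Latin letters.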

The email links to a fake Office 365 site that asks for your personal details and then redirects to a malicious PDF file.

Dropbox is regularly targeted by scammers, as in this attack earlier this year: Beware: another fake Dropbox phishing scam. Dropbox is a favorite of cybercrime networks because of the large number of users globally who use the service, and because the nature of the file delivery platform lends itself to delivering malicious files.

Check out Dropbox’s information on how to protect your Dropbox account from phishing and malware.

Compromised MailChimp accounts linking to malicious files

In a similar trend to Dropbox, this week MailGuard has also intervened in several other phishing scams, with emails containing links to archive files that contain a malicious JavaScript file.

In these scams, cybercrime networks are hijacking the MailChimp accounts of unsuspecting MailChimp users to distribute phishing scams. Please be mindful if you receive any unexpected emails.

In one such attack, the emails feature multiple variations of the same subject line, which refer to a fake infringement notice dated '10 November 2017'. In this run, the majority of the recipients appear to be accountants, who are presumably on a mailing list attached to the compromised account.

The display name is that of an individual who we expect is a Director or similar legitimate representative of the firm, making it very difficult for recipients to identify it as a scam.

The email contains a link to an archive file hosted on a MailChimp Gallery, with a ZIP that contains a malicious JavaScript file.

How to protect your company from email phishing scams

Be wary of emails from people you don’t know that ask you to:
• view or download files
• click on links to services that you don’t subscribe to
• provide user names and logins.

Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious, don’t open them.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media. If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email expert@mailguard.com.au.

MailGuard free trial offers peace of mind against spam

For details on how MailGuard can protect your company learn more about our 100% obligation free MailGuard email security trial.