Cybercriminals Exploiting Popularity of Dropbox - Warn Experts

Softpedia.com published news on 11th May, 2015 quoting a warning of security experts as "A new phishing email leveraging the name of popular file storage and sharing service Dropbox is presently rolling and targeting innocent netizens."

The fake email requests you to click on a link showing urgent and extremely confidential documents using the Dropbox app. It tells you to click on a 'Dropbox' URL to download documents and asks you to follow 'kindly do the needful.'

In fact, the phishing email has no link with Dropbox and the URL opens neither any urgent documents nor otherwise.

The fake email asks you to click on an enclosed link which, if clicked, takes you to a phony website or a phishing website which instructs you to login your webmail service provider to see the said document. The webpage contains clickable icons of many well-known email service providers comprising of Yahoo, Gmail and Outlook. The page also contains an icon of generic 'email account' aiming at populace with accounts not specially listed.

Clicking the icon matching your email service provider, will guide you to a second phishing page that asks you to submit your details of email account and password to 'login'.

The scammers masterminding the scam can gather credentials of your login details submitted by you and then employ them to compromise your email account.

Security experts highlight that unfortunately this scam is not new and cyber criminals are continuously changing the content of the message to adjust according to current trends.

The configuration followed in this case is a classic one having ambiguous details about the content mentioned in the message and clear information about the urgency of accessing the resources.

When users get such messages, they should take a moment and analyze these messages to look for signs of fraud. A genuine message from an online service provider is clear and addresses the user by his/her name which was provided at the time of registration.

Security experts, while analyzing the scam email, comment that lack of this element should create suspicion and it is enough reason for further investigation such as looking at the address of the sender of the email.

» SPAMfighter News - 5/22/2015