Fake Dropbox Email Phishing Scam Alert – May 2017

These fake Dropbox emails look legitimate, but they’re both phishing scams that work differently. One tries to steal your Dropbox password with an order request that looks like it’s from an actual company. The other tries to steal your email password with a fake file sharing request. Help coworkers recognize phishing attacks and get tips on blocking these in your spam filter.

Dropbox email spam is very common. Some of these scams try to lure you into downloading a virus attached to or linked from the email. Others exploit the popularity of the file sharing service to get you to provide your username and password with a fake login page. The two we’re discussing here are of the phishing variety.

Fake Dropbox Message Center Email

The first phishing spam we’re highlighting this week is a variation on email scams that have apparently been impersonating a trading company since at least May of last year. Here’s what it looks like:

Fake Dropbox Message Center Email Links to a Phishing Login Page

How It Works

This has some obvious signs of a phishing scam. First, it does not address you personally. Instead, it uses your actual email address. Also, the email sounds urgent, trying to get you to react quickly without thinking and click on the button. Finally, if you hover over the button, your browser will display the link destination (what we call the spammy URL) at the bottom of the window. The URL does not belong to the alleged sender.

There are also some peculiar features to this email that you don’t always see in phishing scams. Many of them are addressed to “Dear Customer”. This one uses your actual email address. While that’s more personalized, it’s not your name (which would appear in a “spear” phishing scam). This is clever because it makes the email seem personal without having to harvest any more of your information. Also, when you hover over the button, the link that your browser reveals ends with a URL parameter:

…/index.php?email=John@example.com

Do not click the link. It takes you to a very realistic but fake Dropbox login page:

Phishing Login Page for Fake Dropbox Message Center Email

Note that your email address is already entered in the Address box. That’s what the URL parameter does. It might also provide analytics info about you to the spammer.

If you have business with the trading company this email appears to come from, contact them safely (not using contact info from the email) before doing anything else. Regardless, do not go to this page or enter your password. Doing so would give the spammer your Dropbox login credentials.

Fake Dropbox File Sharing Email

The second phishing spam this week is a little different. It tries to steal your email login and password. The fake email that you get looks like it comes from someone trying to share a Dropbox file with you:

Fake Dropbox file sharing email tries to steal your email username and password

How It Works

Hovering over the button (do NOT click it) reveals the malicious URL at the bottom of your browser window. That URL would take you to a “Dropbox Business” landing page with fake links to popular email providers (like Google, Yahoo, and Office 365). Here’s what it looks like:

Fake Dropbox Business landing page with links to fake email login pages

If you were to click any of those links (don’t), a window pops up with a fake email login. Here’s an example:

Fake Gmail login page will steal your username and password

That’s the phishing page. The spammer will steal your username and password and log in to your account, sell the information on the black market, or worse.
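Both scams share the same tell: the button’s destination does not belong to the company the email claims to be from, and in the first scam the link also carries your email address as a URL parameter. The script below is an added example, not part of the SpamStopsHere post, showing how a mail filter or analyst could automate the “hover over the button” check: it pulls every link out of an HTML message, flags hosts that are not under the brand domain the message claims (dropbox.com here), and flags query parameters that carry an email address. The sample message and the domain dropbox-message-center.example.net are constructed for the example, not the real phishing URLs.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample HTML body, modelled on the "Message Center" scam above.
# The hostname and path are placeholders, not the actual phishing addresses.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear john@example.com,</p>
<p>You have a new message in the Dropbox Message Center. Please respond today.</p>
<p><a href="http://dropbox-message-center.example.net/index.php?email=john@example.com">View message</a></p>
<p><a href="https://www.dropbox.com/help">Dropbox help</a></p>
</body></html>
"""

# Loose email pattern, only used to spot addresses inside query-string values.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def host_belongs_to(host, brand_domain):
    """True if host is brand_domain itself or a subdomain of it.

    Simplification for the example: a plain suffix match, no public-suffix list.
    """
    host = host.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)


def analyse_links(html, claimed_brand_domain="dropbox.com"):
    """Return [(url, [reasons])] for links that look like phishing lures."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for url in parser.links:
        parsed = urlparse(url)
        host = parsed.hostname or ""
        reasons = []
        # The "hover over the button" check: the destination must belong to
        # the company the message claims to come from.
        if parsed.scheme in ("http", "https") and not host_belongs_to(host, claimed_brand_domain):
            reasons.append(f"link host {host!r} is not under {claimed_brand_domain}")
        # The ?email=... tell: an address in the query string pre-fills the
        # fake login form and tracks who clicked.
        for key, values in parse_qs(parsed.query).items():
            if any(EMAIL_RE.match(v) for v in values):
                reasons.append(f"query parameter {key!r} carries an email address")
        if reasons:
            findings.append((url, reasons))
    return findings


if __name__ == "__main__":
    for url, reasons in analyse_links(SAMPLE_EMAIL_HTML):
        print(url)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, the “View message” link is reported twice over (wrong host, email in the query string) while the genuine dropbox.com help link passes. The same host check catches the second scam’s “Dropbox Business” landing page link, since it is not under dropbox.com either; a real filter would pair this with a proper public-suffix check and the sender-domain checks you already run.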

Employee training tip: The email login request is a big hint that this is a phishing scam. No legitimate company would ask for the password to your email account. Train your coworkers to recognize that.

Original article by: SpamStopsHere