It is becoming increasingly common for major companies to be spoofed by phishers in an attempt to defraud the company’s clients. The phishers send an email which is designed to look like a legitimate email from the organization in question.
They will include logos, graphics, and even personal information about the target that they found online. In addition to causing the victim severe financial damage, the attacker may irreversibly damage the company’s reputation, even though the company is not directly at fault.
Many major companies have been spoofed, from Google to PayPal. In April 2017, Dropbox was subject to not one, but two, spoofing attempts. Dropbox is a major file-sharing platform with over 500 million users, and therefore an attractive target for phishers, who can target millions of people at once.
Methods to Fool Customers
There are several attack routes that spammers have used to spoof Dropbox and try to fool customers into giving them sensitive information such as passwords. Some direct the user to a counterfeit login page that captures whatever is typed into it.
Other attacks involve emails which encourage a user to download a certain file, which contains malware designed to retrieve personal information from the person’s laptop.
No matter what route, they all have the same end goal: to gain unauthorized access to private information which the attacker can use for personal gain.
Appearance of Spoof Emails
One way attackers made their emails look like legitimate Dropbox emails was to imitate the regular Dropbox file-sharing notification that clients receive when a contact shares a file with them.
However, hovering over the “click to view file” button reveals a different URL from the one expected, which links to the fake page that the scammer set up.
This fake page contains further fake links to popular email providers, inviting the user to log in. However, these link to fake email login pages. If a user were to input their data, the scammer would receive the information and therefore would have access to the user’s email accounts.
Dropbox never asks for email login details when a legitimate file-sharing email is sent, so this is a big clue that this is in fact a phishing attempt rather than a legitimate file-sharing request.
The second Dropbox scam which occurred in April 2017 was an email that claimed to come from a company wanting to place an “urgent order” and requesting that the user download a file with the details. The email was more obviously a phishing scam; it was addressed generically, not directly, and it tried to instil a sense of urgency so that the user would act quickly without stopping to consider whether the email was fake.
Furthermore, if one hovers over the “Download File” button, it is clear that the link destination looks suspicious. It directs to a fake login page, from which the phisher can harvest any data entered into the site.
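The hover check and the wording cues described above can be made mechanical. The following is an added example, not Dropbox’s tooling or anything from the original post: a small Python checker that parses a constructed sample email, flags any button whose link leaves the expected domain, and flags a generic greeting and urgency language. The regular expressions, the two-label domain comparison and the sample message are all assumptions made for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed heuristics for the indicators described above (not Dropbox's tooling).
URGENCY = re.compile(r"\b(urgent|immediately|act now|within 24 hours)\b", re.I)
GENERIC_GREETING = re.compile(r"\bdear (customer|user|client|member)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every anchor: the 'button' and where it really goes."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable(host):
    """Crude last-two-labels comparison, enough to tell dropbox.com from a lookalike host."""
    return ".".join(host.lower().split(".")[-2:])

def analyze_email(html, expected_domain):
    """Return human-readable findings; an empty list means no indicator fired."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = urlparse(href).hostname or ""
        if registrable(host) != registrable(expected_domain):
            findings.append(f"link '{text}' points to {host}, not {expected_domain}")
    plain = re.sub(r"<[^>]+>", " ", html)  # strip tags before the wording checks
    if GENERIC_GREETING.search(plain):
        findings.append("generic greeting instead of the recipient's name")
    if URGENCY.search(plain):
        findings.append("urgency language pressuring the reader to act")
    return findings

# Constructed sample imitating the file-sharing notification described above.
SAMPLE = ('<p>Dear Customer,</p><p>A contact shared an <b>urgent</b> order with you.</p>'
          '<a href="http://dropbox-share.example.net/view">Click to view file</a>'
          '<a href="https://www.dropbox.com/help">Help</a>')
```

Running `analyze_email(SAMPLE, "dropbox.com")` reports the mismatched button, the generic greeting and the urgency wording, while the genuine help link passes the domain check.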
Dropbox offers a great deal of information on their website on how to spot a phishing attempt, and instructions on identifying whether an email is legitimate or fake. Any suspicious emails should be reported to Dropbox so that they can spread awareness of the phishing campaign and help prevent more of their users from falling victim to the scam.