Hackers have once again set their sights on Dropbox. The company has been the target of two separate attacks, both starting with an email.
The first attack, which was noted on the SANS Internet Storm Center InfoSec Community Forums by Johannes B. Ullrich, is pretty convincing. The attacker spent time on the site and the message so that the user appears to be receiving a genuine email from Dropbox.
Dropbox Phishing Scam Mimics Actual Site
However, instead of being about a shared file, which is the most common lure hackers use to spread their malware, the message appears to come from the cloud company itself. The text claims that the user’s email has been subjected to an update making it more secure from hackers.
Now Dropbox supposedly needs the user to validate their account through the provided link. The overall look and feel of the email seems legitimate. The hacker has even gone so far as to spoof the email address that typically sends out these notifications. Yet, according to Dr. Ullrich, the email’s origin is one of the keys that reveals the message is not real.
“The domain smtp.com is owned by an e-mail marketing service, and it publishes SPF records. The IP address the e-mail was sent from (18.104.22.168) is not in SMTP.com’s approved list.”
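The check Dr. Ullrich describes, the sending IP tested against the domain’s published SPF record, written out as an added example (not code from the article or from the SANS ISC). The SPF record below is a constructed sample, not SMTP.com’s real record, and only ip4/ip6/all terms are evaluated offline; include, a, mx and redirect terms would need DNS lookups and are only collected.

```python
import ipaddress

# Constructed sample SPF record for illustration; it is NOT SMTP.com's real record.
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.0/26 ip6:2001:db8::/32 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, network) pairs plus the 'all' default.

    Only ip4/ip6/all terms are evaluated here. include:, a, mx and redirect=
    need DNS lookups, so this offline parser just returns them as unresolved.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    networks, unresolved, default = [], [], "neutral"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without an explicit qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        lowered = term.lower()
        if lowered.startswith(("ip4:", "ip6:")):
            networks.append((qualifier, ipaddress.ip_network(term[4:], strict=False)))
        elif lowered == "all":
            default = QUALIFIERS[qualifier]  # "-all" = fail, "~all" = softfail
        else:
            unresolved.append(term)
    return networks, default, unresolved


def check_sender(record, sender_ip):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral') for sender_ip."""
    ip = ipaddress.ip_address(sender_ip)
    networks, default, _ = parse_spf(record)
    for qualifier, net in networks:
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return default  # no listed range matched: the "all" qualifier decides


if __name__ == "__main__":
    # The sending address quoted in the article, checked against the sample record.
    for ip in ("203.0.113.45", "18.104.22.168"):
        print(ip, "->", check_sender(SAMPLE_SPF, ip))
```

A domain that ends its record with "~all" instead of "-all" only yields softfail for an unlisted sender, which most receivers do not reject on its own, so a mail filter should pair this with DMARC policy rather than treat softfail as a block.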
Dr. Ullrich goes on to explain that users click on the “Click Here” button, which redirects them to a .vn website hosted in Vietnam that is already on a blacklist.
The phishing page lets users pick from a variety of email services to “verify” their credentials. However, once the credentials are entered, the victim is redirected to a Google Docs page. The phishing scam has gone to great lengths to mimic Dropbox’s website.
Better Business Bureau Shuts Down Second Dropbox Phishing Scam Site
In a second attack, Dropbox users received messages indicating that another customer was sharing information with them. Users received an email that appeared to be from the FBI with a Dropbox document. When they clicked on the enclosed link, malware was installed on their systems.
The Better Business Bureau has shut down the fraudulent website after complaints about the phishing scam.
The BBB reminds consumers to be careful when opening email links, even if it appears to be from someone they know.
Bill Fanelli, BBB Chief Security Officer, explained:
“The emails look authentic, and they appear to be from someone the user knows. But the link goes to a fraudulent site that tricks the user into entering their login credentials, then installs malware on their computers, and sends phishing emails to everyone on their contact list.”
Users who have fallen victim to either scam should change their password. Additionally, they need to unlink any connection the hacker made to their account, which does not happen by simply resetting login credentials.
Dropbox provides instructions on how to disconnect other devices in its Help Center. Unfortunately, users will have to go back in and reset their connections, but it is the only way to ensure the attacker no longer has access.
Dropbox also encourages users to set up additional security steps. The site supports two-step verification via either a code sent to the user’s cell phone or a USB security key.
We’d like to know what you think about the latest attacks on Dropbox customers.