Dropbox Phishing Scam Alert
A breakdown of the situation we witnessed:
A user received an email from what initially looked like a trustworthy source. The email contained a link to download a file and upon clicking the link the user was brought to a clone of the Dropbox website. The Dropbox page looks like the real deal. The user entered his login credentials which then gave the hackers access to his email as well as any accounts with the same login credentials.
You’ll see on the image below the the Dropbox site looks legitimate, but the highlighted URL gives it away that this is a clone site. Also, the links at the top of the site “Try Dropbox Business” and “Download the App” were not functioning links and you were brought back to the same malicious page.
- Don’t open attachments or click links from non-verified emails.
- Hoover your mouse over any hyperlinks before clicking and verify that the URL is accurate.
- If you believe you entered your information on a malicious website, first disconnect the computer from the network (shutdown or disconnect the wireless/Ethernet cable.) Then change account(s) passwords on a non-infected machine. Report the issue as soon as possible to BerganKDV IT firstname.lastname@example.org.
- Always pay attention to the website URL. Even if the site looks familiar, it could be a clone.