now browsing by tag
Hackers use familiar brands like Dropbox to steal login
credentials and spread malware
It’s funny how hackers, phishers, and scamsters can be blatantly obvious and inexplicably unpredictable at the same time. I’m saying obvious because they target the most widely used services/platforms and lots of users know what they’re up to — not just security professionals, but many ordinary users know about these phishing scams and what to look for. Phishers might be predictable in going after big names but it’s the unpredictability in their approaches that makes them tick. Time after time, they come up with new ways that help them achieve exactly what they want and make them “successful.” The Dropbox phishing scam is a perfect illustration of this.
The Dropbox phishing scam surfaced around a
year ago and made headlines in many popular publications. It hasn’t gotten as
much attention recently, but even after a year, attackers are still targeting
users using this same-old trick. And therefore, you need to know about it.
Let’s hash it out.
Dropbox Phishing: It All Starts
with a Simple Email
This is how it all starts: You receive an
email (either text or HTML-based) from a person saying they have shared an
important document with you. The email looks a lot like an official Dropbox
email and has a link to access the document. To make it look authentic, some of
these emails include actual links to Dropbox in the footer of the email. These
Here’s a pretty simple example:
Check the “From” Details Carefully
As you can see in the screenshot above,
this phish email has “Dropbox” as its sender’s name. It’s easy to fall prey to
this as the sender name and the email style make it look like an actual Dropbox
However, if you look closely, you’ll see
that the from email address and the embedded link are clearly not Dropbox.
However, if you’re skimming through your
email (as many of us do), it’s easy to fall for this Dropbox phishing scam.
Once you click the link, the URL takes you to a web page that looks almost
exactly like an actual Dropbox login page.
More advanced Dropbox phishers take the
scam to the next level…
Check URLs Carefully — Even If They Include “Dropbox”
Some Dropbox scammers are carefully picking
URLs that look official at first glance.
For example, they will include common keywords such as “Microsoftonline” or “Dropbox” in the domain or subdomain to make it look like a genuine domain:
HTTPS URLs Aren’t Always Safe
And the cherry on the top is how phishers
use fake HTTPS URLs. So, the link that you’re being redirected to isn’t an
HTTPS link. It has HTTPS in the link text, but not as the protocol. If an SSL
certificate protects a website, it will look like this: https://www.(website name).com/. The
fake Dropbox URL looks like www.https-(fake website
name).com. See the difference?
Another trick that phishers have recently adopted is using an HTTPS website. No, the previous sentence doesn’t contain any technical error; it’s a fact that most phishing websites feature HTTPS now. In such cases, users are more likely to fall for it as they’re trained to look for that secure padlock.
Phishers are a Poor Man’s Magicians: Here’s How to Catch Them
What do magicians and phishers have in common? Well, they both take advantage of our psychological limitations to distract us and make us look where they want us to.
However, the silver lining here is that the
phishers are far from good magicians. A great magician can take their secrets
with them to the grave. But with a bit of concentration and training, you can
catch almost every phisher.
So, here’s how you can CATCH the PHISHers
(Got it ?).
Check the Email Address
First of all, you should always check the email address of the sender. Is the email sent by someone you know? Is the email coming from Dropbox’s (or any service provider’s) list of official domains? This is the first thing you must check, and you should not proceed further if the email is not familiar and/or it’s been sent from a domain that’s not been mentioned in Dropbox’s list of its official domains.
experience, doing this one check will protect you from most email phishing
attacks as hackers shouldn’t have access to Dropbox’s official domains.
However, you should be cautious even if the email appears to be from an
official Dropbox domain as some email servers are not configured to check
SPF/DKIM records, so spoofed emails will be let through.
Check the Link URLs
If the email
passes the first security check, then you should check the links in the email:
- View the web page in your
browser and check for “https” at the start of the URL. It should look like https://www.(website name).com/. (Note: Google Chrome
hides the https:// until you double click in the address bar.)
- Once this check is done, you
should again go back to Dropbox’s list of official domains and then check if this
domain is on the list.
- To double-check the
authenticity of the website, you should also check the SSL certificate Dropbox
uses. As you can see in the screenshot, Dropbox.com is protected by a DigiCert
EV (extended validation) SSL certificate and this certificate has been issued
to Dropbox, Inc.
means that the certificate authority (DigiCert, in this case) did an extensive
verification of Dropbox, Inc before issuing the certificate. This way, you can
be sure that the website you’re on actually belongs to Dropbox.
What Could Happen If You Fall Victim to the Dropbox Phishing
the data of more than 500 million users and 200,000 businesses, and it’s the
most significant cloud sharing and storage company in the world. Putting a
malicious file in just one employee account could be a brutal blow to the
privacy of an entire organization. And it’s not just the privacy, but the
existence of a business could be at stake—that’s a good enough reason to take
your Dropbox security pretty seriously, don’t you think?
Unfortunately, that’s not where it stops. A phisher who has taken complete control over your account and associated data using malware could demand a significant ransom if you want your account back. In technical terms, this is called ransomware.
The consequences of Dropbox phishing could be even more brutal if you’re one of those persons who uses the same password pretty much everywhere. Every bit of information you have on the internet could be in the hands of the attackers. Just think about it!
Hackers may also
scan your account to automatically find valuable data in your saved documents.
This could include customer data, payment details, login credentials for other
platforms, or anything else you might have that’s sensitive.
Last Word on Dropbox Phishing
All scammers — whether in the real world or online — take advantage of our human limitations. Either they make us see and feel something that isn’t there, or maybe they give us some lucrative incentive to distract us (we’ve all heard of the Nigerian Prince scam, haven’t we?). With a little bit of awareness and concentration, you can be a step ahead of all the phishers.
Tip of the day: Remember to look where you want to, not where they want you to.
*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store authored by Jay Thakkar. Read the original post at: https://www.thesslstore.com/blog/dropbox-phishing-scam-dont-get-fooled-by-fake-shared-documents/
View full post on National Cyber Security
When Thomas Hansen first started in the technology sector 25 years ago selling computer hardware in Denmark, he was strongly encouraged to use a software system that was flawed and hated throughout the office. “It was a horrible system and we all hated it, but it was a condition of employment so we used it to its bare minimum,” Dropbox, …
The post How Dropbox relies on partners to expand its reach appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Reports of data breaches and cyberattacks are serious, but what happens when those claims are untrue? According to Krebs on Security, last week, several identity theft protection companies incorrectly named Dropbox as the source of a data breach that compromised nearly 73 million usernames and passwords. In fact, the data was actually compromised due to […]
View full post on National Cyber Security
Chinese hackers used malicious software to monitor journalists and activist groups involved in the Hong Kong protests this year, according to new research from the cybersecurity company FireEye. Attackers used Dropbox and other cloud storage providers to communicate malware after targeting users with a phishing message. The hackers launched a spearphishing campaign, which involves targeting a specific person with an email that appears to be from a known source, against Hong Kong-based media organizations and protest leaders in August 2015. There is evidence of Beijing’s concern with Hong Kong, where 79 days of pro-democracy demonstrations brought the semi-autonomous city to a halt in 2014. FireEye stopped short of directly linking the Chinese government to the hack but stipulated the attack had the sophistication level of a nation state. “The media organizations targeted with the threat group’s well-crafted Chinese-language lure documents are precisely those whose networks Beijing would seek to monitor,” FireEye said in a blog post published Tuesday. “Cyberthreat groups’ access to the media organization’s networks could potentially provide the government advance warning on upcoming protests, information on pro-democracy group leaders, and insights needed to disrupt activity on the Internet, such as what occurred in mid-2014 when several websites were brought down in […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post Chinese Hackers Used Dropbox To Monitor Hong Kong Activists, Journalists: FireEye appeared first on National Cyber Security.
View full post on National Cyber Security
When Dropbox is already in pain, appointment of Condoleezza Rice to board has grown more pains, but this time the hubbub concerns privacy and PR versus performance issues.
That appointee Dr. Condoleezza Rice, is both former Secretary of State and National Security Advisor.
Dropbox also confirmed two other leadership hires at that time: the promotion of Sujay Jaswa to chief financial officer and the addition of former Motorola Mobility CEO Dennis Woodside as chief operating officer.
At this point in time, it doesn’t look like Dropbox is going to budge to users’ fury, which has already spawned a group of protesters rallying around the hashtag “#DropDropbox.”
The collective outlined a number of points as to why they think Rice should be removed from Dropbox’s board, much of which concerns government surveillance and privacy concerns.
This is all the more heightened following the revelations about the National Security Agency’s previously-secret data mining program, PRISM, which came to light last June via documents leaked by former government contractor Edward Snowden.
In those documents, the datacenters belonging to at least nine tech giants were used as sources for the PRISM program. Dropbox was not among that pool, but it was said to be next on the list.
Dropbox CEO Drew Houston finally issued a response on Friday afternoon, emphasizing the company’s commitment to user privacy while also defending the decision to keep Rice on the board.
“We should have been clearer that none of this is going to change with Dr. Rice’s appointment to our Board. Our commitment to your rights and your privacy is at the heart of every decision we make, and this will continue.
We’re honored to have Dr. Rice join our board — she brings an incredible amount of experience and insight into international markets and the dynamics that define them. As we continue to expand into new countries, we need that type of insight to help us reach new users and defend their rights. Dr. Rice understands our stance on these issues and fully supports our commitments to our users.”
The post Controversial appointment of Condoleezza Rice’s in Dropbox board appeared first on Am I Hacker Proof.
View full post on Am I Hacker Proof