Phishers Attack Dropbox-Reliant Corporate Employees
The security company PhishMe recently cautioned employees of large organizations who habitually use Dropbox, a renowned file-sharing service, about a new phishing scam in which cyber-criminals distribute e-mails containing malicious web-links that point to Dropbox.
PhishMe found evidence of a new Zip file containing a screensaver being posted on Dropbox, but the file is really CryptoLocker-like ransomware. When end-users open the phishing e-mail, they're so duped by its fake contents that they unwittingly click the web-link, which seemingly leads to a fax message or an invoice.
As soon as the web-link, which is associated with the .zip document, is clicked, the included screensaver plants the ransomware, which locks all files the end-user had stored on his hard-drive.
After this, the victim's browser shows a web-page stating that he must pay a ransom of $500 in Bitcoins, which becomes $1,000 after a specified time. To handle the Bitcoin ransom demand and the payment dealings, the criminals use Tor, a well-known anonymity platform.
Disturbingly, phishing affects individuals just as it does big companies. When Microsoft conducted its 2014 Computer Safety Index Survey over 10,000 individuals, a total of 15% reported that they had become victims of phishers, suffering theft of a mean amount of $158 each.
Dropbox, which is fully aware of the threat, published online that it has by now blocked every sample named.
PhishMe explains that the web-links in every sample lead to masked .exe files that plant malicious software on the victim's PC. When an end-user follows the web-link, he's led to Dropbox to download a tiny .zip file that carries a disguised .scr file, a Windows screensaver file that is really an executable. Since Windows treats .scr and .exe files the same way, the phishers merely needed to rename their .exe file to a .scr file. Welivesecurity.com published this on June 3, 2014.
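An added example, not from PhishMe or the original article: a Python check that a mail or download filter could run on a .zip before delivery, flagging members that carry an executable extension such as .scr or that begin with the MZ header of a Windows executable. The function names, the extension list and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows launches as programs; .scr is the one this campaign used.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}
MZ_MAGIC = b"MZ"  # first two bytes of every DOS/PE executable


def find_executables_in_zip(zip_bytes):
    """Return [(member_name, [reasons])] for members that are or look like Windows executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            ext = posixpath.splitext(info.filename.lower())[1]
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension " + ext)
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be checked here.
                reasons.append("encrypted, header not inspected")
            else:
                # Read only the first two bytes; never extract or run the member.
                with archive.open(info) as member:
                    if member.read(2) == MZ_MAGIC:
                        reasons.append("MZ header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample archive: placeholder bytes only, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Fax_message.scr", b"MZ" + b"\x00" * 62)
        archive.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)  # content does not match name
        archive.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in find_executables_in_zip(build_sample_zip()):
        print(member, "->", ", ".join(reasons))
```

Checking the header as well as the extension catches an executable that has been renamed to something other than .scr or .exe.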
The security vendor therefore advises PC users to stay wary of unsolicited e-mails so as to avoid becoming targets of new phishing attacks. Besides, as the tactics grow more sophisticated nearly every day, one must keep the anti-virus on one's computer fully up to date, it says.
» SPAMfighter News - 17-06-2014