A Phishing Email Campaign Recently Exploited Dropbox

According to security firm Symantec, file storage service of Dropbox was employed for a tricky phishing campaign although the service (referring to Dropbox) was quick to shut it down.

The scam consists an email entitled "Important" notifying that the recipient has he has been dispatched a document which is too huge to be electronically emailed or cannot be emailed owing to security reasons. The email asserts that the said document can be seen by clicking on a link enclosed within the message but the link opens a bogus Dropbox login webpage hosted on Dropbox itself.

The phony login page is hosted on user content domain of Dropbox (like shared images and other files are) and is given over SSL which makes the attack more convincing and dangerous.

The page looks similar to a genuine login page of Dropbox with only one major difference. The cybercriminals are interested in phishing more than just credentials of Dropbox; they have also involved logos of renowned Web-based email services indicating that users can login with these credentials as well.

On clicking the "Sign in", credentials of the user are directed to a PHP script on a hijacked Web server. Details are also submitted over SSL (Secure Sockets Layer) which is significant for the effectiveness of the attack without which users would witness a scary security warning.

Csoonline.com published news on 20th October, 2014 quoting an explanation of Nick Johnston, Security researcher of Symantec, as "The warning importance varies from one browser to another; some browsers simply alter the padlock symbol highlighted in the address bar while others consist of a small banner at the peak of the page but users may not see these security warning or the associated implications."

Earlier this year, criminals used shortened URLs to direct victims to phishing domains which requested many types of credentials like the campaign which Symantec has now detected.

Only one landing page requested Gmail, AOL, Yahoo, Live, Windows or any other account as per their wish via an option labeled "Other emails". The landing pages were designed to mimic Microsoft's OneDrive, Facebook, Google Docs inspite of re-launching of the service under the brand name of Google Drive.

» SPAMfighter News - 10/28/2014