12/20/2017

'DROPBOX QUERY? BAIT?'

I got a message asking me to verify a new Dropbox account, but I never signed up for Dropbox. I suspect this is a hoax-

But I looked at the return address and it seems to be pointing to Dropbox itself. Has my email account been hacked?................

*A compromised email account is often a possibility, especially if you have not taken precautions like enabling two factor authentication, but a new wave of fraudulent spam has been going around-

And it uses supposed Dropbox verification as bait.

In this type of phishing attack, the perpetrators put a legitimate Dropbox address in the message's sender field -usually no-reply@dropbox.com, which is the real address  Dropbox puts on messages when it is legitimately asking you to verify a new account.

However, the ''Verify my email'' button or link in the body of the message disguises the rent destination the attacker wishes to send you to.

The button graphic or link is designed to send you to a phishing site or possibly download a virus.

Some observers have reported that the fake Dropbox links lead to ransomware that takes the user's hard drive hostage by encrypting its files.

You can see the real link under the  ''Verify my email''  button in a few ways, like viewing the message in plain text [instead of the HTML commonly used to display links and graphics email] in your desktop mail program.

On a mobile device, press and hold the button or link   -but do not tap it as you normally would   -to reveal the hidden address.

You can report the phishing messages by forwarding them to:
abuse@dropbox.com

Dropbox users have been frequent targets of scammers. The company's support site has has a guide to recognizing malware and phishing attempts.

0 comments:

Post a Comment

Grace A Comment!