Phishing Protection: The latest Dropbox phishing scam
Adrien Gendre
—November 07, 2016
Phishing protection is essential for every company. At this point most people (and spam filters) can identify the obvious “Nigerian Prince” style scams, but things are getting more complicated. Hackers are more advanced than ever and standard email phishing protections can no longer keep up with these sophisticated attacks. A recent Dropbox phishing scam proves just how important having strong phishing protection is.
The Dropbox Phishing Scam
Hackers sent fake Dropbox emails to victims. These emails claimed that a file a colleague sent needed to be viewed in Dropbox because it was too large to be attached. Once users clicked the link, they were directed to a counterfeit Dropbox login page. It was a convincing replica of the normal login page; however, the URL was not a Dropbox destination. This is something that users would hopefully notice, but unfortunately, URLs are often overlooked along with the other common phishing indicators that were used in this scam.
Hackers obtained critical company data by stealing Dropbox credentials via a convincing replicated Dropbox login screen.
In addition to the login page, the logos of popular email hosts like Outlook and Gmail were available as alternative login methods. Some users clicked, thinking that they could log in to Dropbox with these credentials. Unfortunately, this gave hackers access to those email accounts as well.
Your employees use Dropbox, even if your company doesn’t.
Dropbox is by far the largest cloud sharing and storage company in the world. With 500 million individual users and 200,000 businesses saving 1.2 million files every day, it is no wonder that hackers used its platform for a phishing scam. So, even if your company doesn’t use Dropbox for business, you could still be at risk. There is a significant chance that employees use the service without IT’s knowledge and have placed confidential company IP on Dropbox. Or the hackers could just place malware in the employee’s Dropbox and start siphoning credentials and files from their device. A breach of an employee’s Dropbox account is a potential corporate breach.
Even if your company doesn’t use Dropbox, your employees probably do, and that can put your network at risk.
Phishing Protection is the best safeguard.
Advanced phishing protection is the only way to prevent these kinds of attacks; standard spam filters, email filters and signature-based phishing protections won’t suffice. The vast majority of email security systems are signature-based, which means that they can only stop email scams that have been previously identified or that are clumsily constructed. Unfortunately, hackers keep evolving ever-more sophisticated attacks. By the time a new scam has been identified and flagged, your company might already be victimized. And you probably won’t even know it.
In order to protect your company from these evolving phishing scams, you need to employ specialized phishing email security with advanced artificial intelligence backed by inbound filtering, identity verification, domain verification, and personal data warnings. This state-of-the-art email protection can spot and stop even zero-day attacks.
Want to know more about the state-of-the-art for phishing protection? Try our 30-day FREE evaluation and see how layering Vade email security onto your current email security solutions can protect your company from emerging and zero-day threats including spear phishing attacks.