A new phishing campaign is making the rounds in an attempt for hackers to obtain sensitive information from vulnerable users. This campaign, first uncovered by tech researchers at Checkpoint, targets the popular cloud storage platform Dropbox. Learn more about the cybersecurity threat and how you can stay safe.
Dangers of Phishing
Hackers create ways to trick users into giving out their personal information, such as with deceptive emails or links to fake websites. They use messaging that claims a user needs to act urgently and provide sensitive data, such as credit card numbers or banking information. Once the hackers have this data, they can do with it as they please and wreak havoc on unsuspecting people.
The dangers of phishing extend to business owners, their employees, and beyond. Victims must deal with the following issues:
- Financial loss or identity theft
- Violation of safety
- Lack of trust online
How the Dropbox Phishing Campaign Works
This clever campaign has several parts to it. Let's review how hackers execute their plans step-by-step.
Hackers Host a Document on Dropbox
The plan begins with unknown bad actors creating a Dropbox account. They host a benign document that looks like a file from OneDrive and send phishing emails to users. Dropbox users will see a button that says "view document." If they click, it leads them to malicious links. Hackers can implement the next phase after users end up on this site.
Distribution Phase
A key part of this Dropbox phishing campaign is getting users to a malicious site to harvest their credentials. Once someone ends up on this page, their information is given to cybercriminals who can use it against them. If you fall for the first part of the plan and have hackers stealing your credentials, it can be challenging to feel secure online again.
Why This Attack Is Hard to Recognize
Checkpoint reports that thousands of users have fallen victim to this attack. It's particularly challenging to avoid since hackers use Dropbox's system to share files and notify other users via email. Since the email comes from a reputable source, hackers can bypass any email scam filters or other protective measures you set up. This ultimately makes you more likely to open malicious links.
The best way to keep your information safe from bad actors is to always be on guard. Refrain from assuming every email you receive is secure; report it immediately if something seems a little off. Experts recommend that business owners take the time to educate their employees on safe practices and report any suspicious email to an IT professional.
Protect Your Business from Threats
Every phishing campaign is different, but the threat remains the same. Keep your business safe from hackers by always staying alert and tracking widespread online campaigns.