Dropbox Phishing Scam

Dropbox is a popular service that allows companies to share files, photos and documents with customers and employees. Cybercriminals know that many companies use this tool and have created a scam to trick people into giving them their Microsoft credentials.

In this scam, cybercriminals send a phishing email that appears to be coming from your HR and tells you to login to your Dropbox to view salary and benefit information. The email looks like a legit email from Dropbox with branding and a link. If you click on the link you are taken to Microsoft One Drive which also looks legit with branding, but it really is a fake webpage. If the person logins with their credential it goes straight to the cybercriminals.

TIPS:

• Always be cautious of unexpected emails with links and attachments. Think before you click!
• Make sure you verify with the sender by asking in person, calling them or emailing them in a separate email.
• Cybercriminals can use email addresses that you trust. Always remember that an email might not be real even if it comes from someone at your company.
• Hover over links to see where they are really taking you.

‍