
A New Dropbox Phishing Attack Has Emerged

2015-05-19

With the emergence of cloud services and the end of the USB and external hard drive era, more and more people are taking advantage of the benefits of always-available, always-online technology. Cloud service providers have been developing rapidly, and one of the most impressive among them is the cloud storage service Dropbox. In just a few years, it has accumulated over 300 million users, meaning there is one Dropbox user for every 20 people on the planet. However, some of these users are now being targeted by hackers.


The Baidu Antivirus Security Center has observed several waves of phishing attacks on Dropbox accounts. Analysis by Baidu Antivirus security experts shows that these attacks on the Dropbox account system mostly arrive as spam emails sent to Dropbox users. Once a user clicks the link in the email, they have already entered a phishing trap set by cybercriminals.

Figure 1. A fake Dropbox page used in a phishing attack. Note the URL.

 

Figure 2. A fake Dropbox sign-in page used in a phishing attack.


Users are tricked into thinking they are on the Dropbox portal, so they enter their Dropbox account and password information. In fact, they have been victimized by a website that only mimics the Dropbox site in appearance and is actually an elaborate phishing hoax.


Any information entered by the users (normally their email address and password) is immediately sent to the cybercriminals' inbox. The users are then taken back to the official Dropbox site, so they never suspect a thing. Many people upload their personal files and photos to cloud drives. Thus, after gaining access to people's accounts, criminals can easily steal this type of personal information and use it for blackmail or other purposes.

Figure 3. A behind-the-scenes look at what happens when your personal data is stolen.


What's more, many Internet users use the same account name and password for multiple accounts. Thus, when one account is cracked, all the user's accounts may be compromised.


Phishing attacks like this one are nothing new. Therefore, the Baidu Antivirus Security Center would like to remind people to always make sure they only enter their account names and passwords on official websites. At the same time, users should do their best to avoid using the same account names and passwords for multiple accounts. Whenever you suspect that your personal data has been compromised, immediately change your password to avoid data leaks.
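The advice to enter credentials only on official websites can be checked mechanically for the links in an email. The following is an added example, not part of the original article or of Baidu Antivirus; the dropbox.com allow-list, the function names and the sample email are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: dropbox.com is the only official domain checked; extend as needed.
OFFICIAL_DOMAINS = ("dropbox.com",)
BRAND = "dropbox"
# Undo common digit-for-letter swaps (dr0pbox, dropb0x) before matching the brand.
LOOKALIKE_DIGITS = str.maketrans("01", "ol")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_link(url):
    """Return 'official', 'suspicious' or 'unrelated' for one link."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so
    # https://www.dropbox.com@login.example/ resolves to login.example.
    host = (parts.hostname or "").rstrip(".").lower()
    on_official_host = any(
        host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS
    )
    if on_official_host:
        # Credentials belong on HTTPS only, even on the real host.
        return "official" if parts.scheme == "https" else "suspicious"
    # The brand appears somewhere in the link, but the host is not Dropbox's.
    if BRAND in url.lower().translate(LOOKALIKE_DIGITS):
        return "suspicious"
    return "unrelated"


def suspicious_links(email_body):
    """Extract every http(s) link from an email body and keep the suspicious ones."""
    links = (m.rstrip(".,;)") for m in URL_RE.findall(email_body))
    return [u for u in links if classify_link(u) == "suspicious"]


# Constructed sample email; every non-Dropbox host uses the reserved .example TLD.
SAMPLE_EMAIL = """\
A document has been shared with you. Sign in to view it:
https://dropbox.com.account-verify.example/login
Mirror: https://www.dropbox.com@login.example/verify
Backup: http://dr0pbox-files.example/signin.html
Help center: https://www.dropbox.com/help
Unsubscribe: https://news.example/unsubscribe
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL):
        print("suspicious:", link)
```

The comparison is made on the parsed hostname rather than on the visible link text, which is why a brand name placed in a subdomain, a user-info prefix or a path does not pass as official.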


Currently, Baidu Antivirus can intercept Dropbox phishing attacks when all proactive security defense features are enabled. Users who do not have Baidu Antivirus yet can download it for free at http://antivirus.baidu.com.

Figure 4. Baidu Antivirus’s phishing attack alert.


Sources: Sky News

