Dispatches Archive


January 13, 2015

Dropbox Malware Lure

Here is an email that will trick tons o' folks into clicking their way into malware hell. Dropbox is a popular site and application that facilitates sharing files among various users or multiple machines of a single user, as well as acting as a cloud-style place to tuck away backup copies of files that are important to you. The company's blog claims over 300 million users around the globe. There's a good chance that a spam splatter will reach a lot of users.

So, the email claims to be From: Dropbox, although the Reply-To: points to a canned Gmail address, so Dropbox won't immediately be alerted by a raft of bounces from the bad recipient email addresses that litter every spam list. The Subject: line is the innocuous "Please verify your email address."

The body of the email is a nicely crafted (verbally and visually) message with the common warnings that cause adrenalin to flow and trigger immediate clicking:

[Image: Fake Dropbox email message]

In their haste to be sure their Dropbox accounts don't crumble so they can retrieve the mysterious "Important Document," many recipients won't take a few extra seconds to roll the cursor atop the button (or tap and hold on a touchscreen device) to reveal the true destination of the link (as shown above, partially blocked). Such links invariably lead to malware installation pages.

And all that secret stuff you keep in your Dropbox folder may no longer be secret.
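The two tells described above, the Reply-To: that doesn't match the claimed sender and the button whose real destination isn't Dropbox, can be checked mechanically. This is an added example, not part of the original post; the sample message, its addresses and URLs, and the names `check_message`, `under_domain` and `brand_domain` are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the real spam; addresses and URLs are placeholders.
SAMPLE = """\
From: Dropbox <no-reply@dropbox.com>
Reply-To: someone@gmail.com
Subject: Please verify your email address
Content-Type: text/html; charset="utf-8"

<a href="http://lure.example.net/verify">Verify your email</a>
<a href="https://www.dropbox.com/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand_domain="dropbox.com"):
    """Return a list of findings; brand_domain is an assumed parameter."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    # A Reply-To on a different domain than From is a mismatch worth flagging.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    links = LinkCollector()
    if body is not None:
        links.feed(body.get_content())
    # Every link in a message claiming the brand should resolve under its domain.
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if not under_domain(host, brand_domain):
            findings.append(f"link host {host} is outside {brand_domain}")
    return findings
```

The suffix match in `under_domain` is anchored on a leading dot so that look-alike hosts such as `dropbox.com.evil.example` or `notdropbox.com` do not pass as the brand.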

Posted on January 13, 2015 at 03:51 PM