Dropbox: Your email may have received a fraudulent link

Published May 25, 2023
Author: Ash Khan

Dropbox: Your email may have received a fraudulent link

Published May 25, 2023
Author: Ash Khan

Dropbox is being used by hackers to distribute malware.

Researchers claim cybercriminals are leveraging legal cloud storage and backup services to ensure that their infected files reach recipients’ inboxes.

The researchers called the practise Business Email Compromise (BEC) 3.0. They believe email service providers have become much more adept at identifying and filtering fraudulent communications. 

  

Hackers have started leveraging genuine cloud services, particularly ones that provide free trial accounts, to get past this. They would set up a free account on a website like Dropbox and use that account to send their target email with a malicious link. Email security providers have little choice but to allow the message to enter the inbox. As the email is coming from a reliable source and a well-known domain.

Utilising Dropbox improperly

Check Point gave an illustration of how the attackers would produce a malicious file and host it on Dropbox. The malicious file link would then be sent to its victims through email using the platform’s built-in sharing capability. The email would reach the victim’s inbox because it isn’t harmful in and of itself.

If the victim opens the file, a login form requesting their email address and password will appear. The victims would already be providing the attackers with their Dropbox login information in this initial stage. The user would then be sent to a fraudulent URL where they would also be prompted for their OneDrive login information by the attackers.

The researchers stated hackers have thus created two potential breaches, using a legitimate site. They will get your credentials and then possibly persuade you to click on a malicious URL. That’s because the URL is genuine in and of itself. The issue with the website is its content. You’ll see that the hackers created a mockup of a OneDrive-looking website. Users receive a malware download after clicking the link.

 

As always, exercising caution and avoiding clicking on unexpected or dubious links and email attachments are the best ways to defend against email-borne assaults.

 

Looking for email security solutions for your organization? Visit now!

Post Views: 136
0

Popular Tags

API Integration Branding Services Business Cloud Backup storage cloud storage Cloud VPS Server Hosting Database Services Digital Marketing eBay Store Email Hosting Email Marketing & CRM Email security Explainer Video Facebook Ads Fast Vpn FTP hosting GMAIL Google Ads Google Workspace hacked website repair IT Support Services Linux Managed AWS Cloud Managed Azure Cloud Microsoft 365 Microsoft Office 365 Microsoft Teams Integration mobile apps Outlook email Reseller Hosting SEO Services Server Management SIM Hosting Service SMS Services Social Media Marketing SQL Services Transfer Domain Name Vulnerability Assessment web applications Web Hosting Web Maintenance Website Designing website repair services Website Security Wordpress Hosting

Latest Posts