1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • That Dropbox link in your inbox could be a scam

    From TechnologyDaily@1337:1/100 to All on Mon May 22 16:00:03 2023
    That Dropbox link in your inbox could be a scam

    Date:
    Mon, 22 May 2023 14:48:31 +0000

    Description:
    Hackers are spoofing Dropbox to deliver malware directly to people's inboxes.

    FULL STORY ======================================================================

    Cybercriminals are abusing legitimate cloud services to make sure their malicious files make it to peoples inboxes, new research from Check Point
    have said.

    Dubbingthe practice Business Email Compromise (BEC) 3.0, the researchers said email service providers had gotten a lot better at spotting and filtering malicious emails.

    So in order to work around this, hackers have started using legitimate cloud services, especially those that offer free trial accounts. They would create
    a free account on a platform such as Dropbox, and use that service to send an email to their victim, carrying a malicious link. Given that the email would be coming from a trusted source and a known domain, email security services can do nothing but let the message reach the inbox. Abusing filesharing services

    In an example, Check Point said the attackers would create a malicious file and host it on Dropbox. They would then use the platforms built-in sharing feature to email the link to the malicious file to their victims. As theres nothing malicious about the email itself, the message would make it into the victims inbox.

    If the victim opens the file, they would be prompted with a login form asking for their email address and password. In this, first step, the victims would already be giving their Dropbox credentials to the attackers. In the next step, the attackers would redirect the victim to a malicious URL, where theyd be asked for their OneDrive login credentials, as well. Read more

    Dropbox wants to cut down on the number of apps you use at work


    What is phishing and how dangerous is it?


    These are the best firewalls right now

    So the hackers, using a legitimate site, have created two potential breaches: They will get your credentials and then potentially induce you to click on a malicious URL, the researchers explained. Thats because the URL itself is legitimate. Its the content on the website thats problematic. Youll see the hackers mocked up a page that looks like OneDrive. When clicking on the link, users are given a malicious download.

    As usual, the best way to protect against email-borne attacks is to use
    common sense and not click on unexpected and suspicious links and email attachments. Here are the best ID theft protection services around



    ======================================================================
    Link to news story: https://www.techradar.com/news/that-dropbox-link-in-your-inbox-could-be-a-scam


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)