Fake Dropbox Email Phishing Scam Alert – May 2017

These fake Dropbox emails look legitimate, but they’re both phishing scams that work differently. One tries to steal your Dropbox password with an order request that looks like it’s from an actual company. The other tries to steal your email password with a fake file sharing request. Help coworkers recognize phishing attacks and get tips on blocking these in your spam filter.

Dropbox email spam is very common. Some of these scams try to lure you into downloading a virus attached to or linked from the email. Others exploit the popularity of the file sharing service to get you to provide your username and password with a fake login page. The two we’re discussing here are of the phishing variety.

Fake Dropbox Message Center Email

The first phishing spam we’re highlighting this week is a variation on email scams that have apparently been impersonating a trading company since at least May of last year. Here’s what it looks like:

Fake Dropbox Message Center Email Links to a Phishing Login Page

How It Works

This has some obvious signs of a phishing scam. First, it does not address you personally. Instead, it uses your actual email address. Also, the email sounds urgent, trying to get you to react quickly without thinking and click on the button. Finally, if you hover over the button, your browser will display the link destination (what we call the spammy URL) at the bottom of the window. The URL does not belong to the alleged sender.

There are also some peculiar features to this email that you don’t always see in phishing scams. Many of them are addressed to “Dear Customer”. This one uses your actual email address. While that’s more personalized, it’s not your name (which would appear in a “spear” phishing scam). This is clever because it makes the email seem personal without having to harvest any more of your information. Also, when you hover over the button, the link that your browser reveals ends with a URL parameter:


Do not click the link. It takes you to a very realistic but fake Dropbox login page:

Phishing Login Page for Fake Dropbox Message Center Email

Note that your email address is already entered in the Address box. That’s what the URL parameter does. It might also provide analytics info about you to the spammer.

If you have business with the trading company this email appears to come from, contact them safely (not using contact info from the email) before doing anything else. Regardless, do not go to this page or enter your password. Doing so would give the spammer your Dropbox login credentials.


Fake Dropbox File Sharing Email

The second phishing spam this week is a little different. It tries to steal your email login and password. The fake email that you get looks like it comes from someone trying to share a Dropbox file with you:

Fake Dropbox file sharing email tries to steal your email username and password

How it Works

Hovering over the button (do NOT click it) reveals the malicious URL at the bottom of your browser window. That would take you to a “Dropbox Business” landing page with fake links to popular email providers (like, Google, Yahoo, and Office 365). Here’s what it looks like:

Fake Dropbox Business landing page with links to fake email login pages

If you were to click any of those links (don’t), a window pops up with a fake email login. Here’s an example:

Fake Gmail login page will steal your username and password

That’s the phishing page. The spammer will steal your username and password and login to your account, sell the information on the black market or worse.

Employee training tip: The email login request is a big hint that this is a phishing scam. No legitimate company would ask for the password to your email account. Train your coworkers to recognize that.

Original article by: SpamStopsHere

Leave a Reply

Your email address will not be published. Required fields are marked *