Dropbox’s file storage service was used for a tricky phishing attack, although the service was quick to shut down it down, according to Symantec.
The security vendor said it detected a batch of phishing emails advising recipients that they’ve been sent a large file and included a link to Dropbox-hosted page.
“The email claims the document can be viewed by clicking on the link included in the message,” wrote Nick Johnston of Symantec in a blog post. “However, the link opens a fake Dropbox login page, hosted on Dropbox itself.”
By hosting the fake login page on Dropbox, the scammers gain some benefits over hosting it on a random, strange-looking domain name. The phishing page is contained within Dropbox’s user content domain, similar to shared photos or files, Johnston wrote.
To read this article in full or to leave a comment, please click here