Dropbox Account Phishing Campaign

The NJCCIC has detected a phishing campaign targeting New Jersey organizations that is crafted to obtain login credentials for Dropbox accounts. As Dropbox is a common platform used by businesses and organizations to share and access files remotely, compromised credentials could pose a significant risk to network security. This campaign delivers unsolicited emails with an embedded URL that redirects users to a fraudulent Dropbox login page designed to mimic the company’s legitimate website. Recent subject lines associated with this campaign include “Sent from,” “Invoice File From,” “Kindly Review,” and “Scanned from a Xerox Multifunction Printer.” According to Proofpoint’s “The Human Factor Report 2018,” Dropbox account phishing was the top phishing attack by volume; these emails are some of the most successful at bypassing email defenses.

The NJCCIC recommends never using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited email requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. Additionally, enable multi-factor authentication where available to prevent unauthorized access as a result of credential compromise.
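As an added example of turning the indicators above into mail-triage logic (this is not NJCCIC tooling and is not part of the original advisory), the Python below flags a message whose subject starts with one of the listed lures or whose body carries a Dropbox-themed link hosted outside dropbox.com. The sample messages and the `.invalid` domains are constructed placeholders; treating only dropbox.com and its subdomains as legitimate is an assumption.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Subject lines the advisory associates with this campaign (compared case-insensitively).
CAMPAIGN_SUBJECTS = ("sent from", "invoice file from", "kindly review",
                     "scanned from a xerox multifunction printer")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_dropbox_host(host):
    """Assumption: only dropbox.com and its subdomains count as the legitimate login site."""
    return host == "dropbox.com" or host.endswith(".dropbox.com")

def triage(raw_message):
    """Return the reasons a raw RFC 5322 message matches the campaign pattern ([] if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    reasons = []
    if any(subject.startswith(lure) for lure in CAMPAIGN_SUBJECTS):
        reasons.append(f"subject matches campaign lure: {subject!r}")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # A Dropbox-themed link that does not resolve to Dropbox is the credential-harvesting lure.
        if "dropbox" in url.lower() and not is_dropbox_host(host):
            reasons.append(f"dropbox-themed link hosted off-platform: {host}")
    return reasons

# Constructed sample messages; the .invalid domains are placeholders, not real indicators.
SAMPLE_LURE = """\
From: accounts@example.invalid
Subject: Invoice File From Accounts Payable
Content-Type: text/plain

View your Dropbox document here: http://dropbox-secure-login.example.invalid/login
"""

SAMPLE_BENIGN = """\
From: colleague@example.invalid
Subject: Weekly report
Content-Type: text/plain

Latest numbers are in the shared folder: https://www.dropbox.com/sh/team/report
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LURE), triage(SAMPLE_BENIGN))
```

Messages that hit both checks are the strongest candidates for quarantine; a subject-only hit on "Sent from" is weak on its own and should be reviewed alongside sender verification.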
