Phishing Campaigns Target Dropbox

The NJCCIC observed threat actors sending tax-themed Dropbox phishing emails to State employee email addresses. These emails appear to be sent from a person at a tax-related business; however, the sender address is spoofed, and the headers of these emails reveal a different "Reply-To" address. The emails contain a blue "View file" box link that supposedly downloads a PDF document titled with the spoofed employee's first and last name and email address followed by "1040a.pdf." The embedded link will likely either attempt to download a malicious document that installs malware on the user's device or direct the user to a spoofed site meant to steal the user's Dropbox login credentials. Other reported Dropbox phishing campaigns distribute emails that convey a sense of urgency, contain "Drop-Box Secure [New invoice from]" in the Subject line, and use Dropbox graphics with an embedded link.

Phishing attacks often impersonate file-sharing services because users trust these brands and because the services are commonly used for business processes, making these accounts more likely to have access to sensitive information.

The NJCCIC recommends that users refrain from clicking on any embedded links or attachments, downloading any files, or accepting shared folder invitations that come with unsolicited or unexpected emails, and that they verify emails from known senders via a separate means of communication. We encourage users to review the NJCCIC products Don't Take the Bait! Phishing and Other Social Engineering Attacks and Cybersecurity Best Practices for more information on how to keep their accounts and data safe.
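The header and lure characteristics described above (a Reply-To domain that differs from the spoofed From domain, a Dropbox-branded "View file" link pointing off-brand, and tax-themed phrases) can be turned into a simple mail-gateway triage check. This is an added example, not NJCCIC's code; the sample message is constructed, and treating dropbox.com as the brand's legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the advisory: the visible sender looks like a
# tax preparer, Reply-To points elsewhere, and the "View file" link is off-brand.
SAMPLE_EMAIL = """\
From: "Jane Preparer" <jane@example-taxfirm.test>
Reply-To: <inbox@unrelated-mailbox.test>
To: employee@state-agency.test
Subject: Drop-Box Secure [New invoice from] Jane Preparer
Content-Type: text/html

<p>A file was shared with you: employee@state-agency.test 1040a.pdf</p>
<p><a href="https://share-dropbox-files.test/view?id=123">View file</a></p>
"""

BRAND_WORDS = ("dropbox", "drop-box")            # brand named in subject/body
LURE_PHRASES = ("view file", "new invoice", "1040a.pdf")
LEGIT_HOST_SUFFIX = ".dropbox.com"               # assumption: the brand's real domain

def domain_of(header_value):
    """Bare domain of an address header, lower-cased ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def reply_to_mismatch(msg):
    """True when Reply-To exists and its domain differs from the From domain."""
    reply = domain_of(msg.get("Reply-To"))
    return bool(reply) and reply != domain_of(msg.get("From"))

def offbrand_links(html):
    """Hostnames of href targets that are not under the brand's own domain."""
    hosts = [urlparse(h).hostname or "" for h in re.findall(r'href="([^"]+)"', html)]
    return [h for h in hosts if h != LEGIT_HOST_SUFFIX[1:] and not h.endswith(LEGIT_HOST_SUFFIX)]

def triage(raw):
    """Score one raw RFC 822 message; returns the findings plus a 0-3 score."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(errors="replace")
    text = (msg.get("Subject", "") + " " + body).lower()
    brand = any(w in text for w in BRAND_WORDS)
    findings = {
        "reply_to_mismatch": reply_to_mismatch(msg),
        "lure_phrases": [p for p in LURE_PHRASES if p in text],
        "offbrand_links": offbrand_links(text) if brand else [],  # only matters when the brand is invoked
    }
    findings["score"] = sum([findings["reply_to_mismatch"],
                             bool(findings["lure_phrases"]), bool(findings["offbrand_links"])])
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

A score of 3 on the sample means all three indicators fired; in a real gateway the same message would be quarantined for the user to verify with the sender out of band.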
