Malicious messages delivered to unsuspecting users aim at harvesting credentials for web-based email services by employing a ruse that may trick recipients into believing they are referred to Dropbox-related documents.



A link provided in the body of the message claims to lead to “urgent and highly confidential” documents that can be downloaded via the Dropbox application.

Credentials from multiple webmail services are targeted

However, the URL leads to the scammy page that displays logos for multiple popular webmail services (Outlook, Gmail and Yahoo) and asks to log in to have access to the important files.

Clicking on any of the logos redirects to a fake login page for the respective provider, where the data entered in the fields is sent to the cybercriminals.

Users that turned on two-factor authentication for the services should be safe from harm, as this security model ensures access to the account based on a second authentication code delivered to a device selected by the user.

Turn on Two-Step Authentication for Google Apps Accounts

Some services alert of suspicious account access

Some webmail services offer protection against this sort of deceit by sending alerts of potential unauthorized activity if the account is accessed from a different computer or location that has not been used before. In this case, a link for changing the password is delivered.

This scam is not new, but the crooks behind it are constantly changing the content of the message to adapt to the current trends.

The pattern followed in this case is a classic one, with vague details about the content offered in the message and clear information about the urgency of accessing the resources.

When facing such messages, users should take a moment and analyze them for signs of fraud attempts. Legitimate communication from an online service is clear and refers to the user by the name they provided upon registration.

Lack of this element should be regarded as suspicious and should be sufficient reason for further investigation, like taking a look at the sender’s address in the source of the email.

If you are compromised – Contact us on 042-9335355 to assess what options are available to you.