An increasing number of clients have contacted us about questionable emails they are receiving that appear to come from known contacts they do business with locally. These phishing emails direct the recipient to what looks like the DropBox web site (see screen shots below). The DropBox page asks the recipient to download a PDF document; when the document is clicked, the user is asked to enter their Office 365 Outlook login username and password to complete the request.
If you receive one of these emails, please forward a copy to us. We will review the email and direct you to delete it if it is considered phishing. If it is a phishing email and you know this business or contact, this means the sender’s email account has been compromised and you should contact them by phone to inform them. We have also learned that the phone numbers in the phishing email’s footer have been changed, so use a known phone number from your own contact database, and treat a changed phone number as another indicator of a phishing attempt.
Here is what to look for:
Clicking on the attached PDF brought the recipient to a realistic-looking DropBox web page.
However, the three items that should make you pause are highlighted below.
- The filename listed in the “Attachment Download” box does not match the file name of the attached file in the original email.
- DropBox would not know that a file was an email attachment. DropBox would actually display the file within your browser, or would use wording like “download file.”
- The use of a term like “virus free document” is not something that DropBox would indicate. DropBox does not know if the file is virus free or not. That check is performed by your own anti-virus software on your workstation.
Clicking on the link took you to a fake Microsoft site that asked you to enter login credentials to access Outlook. However, as you can see, the address bar does not list office.com. My password manager LastPass (the highlighted icon on the right) does not attempt to automatically fill my office.com credentials because it does not recognize this site, regardless of what I see on the screen. And lastly, you would not be prompted to log into Outlook to open a file from DropBox when you are on the DropBox web site.
Help avoid having your account hacked, or landing on a fraudulent site, by clicking on a link in an email you receive. Sorted Solution has three recommendations:
- Two Factor Authentication – Set up your web sites and accounts to use a passcode generator like Google Authenticator. Two Factor Authentication (2FA) programs generate one-time numeric codes that a user must supply, along with a username and password, when logging into your account. At a minimum, you can use SMS so that the web site sends a text code to your device when someone is trying to log in.
- Password Manager – Use a password manager like LastPass to store and manage your application and web site passwords. When you visit a web site with a password manager, the password manager will match the web site address and auto-fill your login information. If you visit a site and your password manager does not auto-fill the information, you may not be visiting the site you expect.
- Ask Us – Sorted Solution is a “no shame zone”. You can always contact us if you are unsure about an email you have received or if you clicked on a link. We will work with you to determine what happened and how to mitigate the possible effects.
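The password manager check described above works because the manager compares the real address in the browser, not the page's appearance, against the domain it saved credentials for. As an added example (not code from Sorted Solution or from LastPass), the following Python mimics that origin check for office.com against a few constructed sample URLs, including the kinds of lookalike addresses a fake Microsoft login page might use.

```python
from urllib.parse import urlsplit

# Domain the user believes they are logging into (from the article).
EXPECTED_DOMAIN = "office.com"


def connected_host(url: str) -> str:
    """Return the lowercased host the browser actually connects to.

    urlsplit().hostname discards any 'user@' prefix and the port, so a
    URL like https://office.com@evil.example/ resolves to evil.example,
    exactly as the address bar would show it.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return ""
    return (parts.hostname or "").lower().rstrip(".")


def autofill_allowed(url: str, expected: str = EXPECTED_DOMAIN) -> bool:
    """Decide whether saved credentials for `expected` may be filled.

    Mirrors a password manager's rule: fill only over HTTPS and only when
    the connected host is the expected domain or a subdomain of it.
    """
    if urlsplit(url).scheme != "https":
        return False
    host = connected_host(url)
    return host == expected or host.endswith("." + expected)


# Constructed sample addresses (hypothetical, not taken from a real campaign).
SAMPLE_URLS = [
    "https://login.office.com/",                 # genuine subdomain
    "https://office.com.login-check.example/",   # expected name as a prefix
    "https://office.com@evil.example/",          # expected name as userinfo
    "https://0ffice.com/",                       # digit zero for letter o
    "http://office.com/",                        # plaintext HTTP
]


def review_samples() -> dict:
    """Map each sample URL to (connected host, would autofill?)."""
    return {u: (connected_host(u), autofill_allowed(u)) for u in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (host, ok) in review_samples().items():
        print(f"{'FILL' if ok else 'NO FILL':8} host={host:32} {url}")
```

Only the first address would receive auto-filled credentials; every other one is a case where the manager staying silent is the warning sign the article describes.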
If you would like assistance setting up Two Factor Authentication or a Password Manager like LastPass, please send us an email. And as always, if you have questions about suspicious emails you receive or links you might have clicked on, we’re here to help.