Cybercriminals are sending out fake and malicious Dropbox email messages like the one below, which claims the senders are attempting to send documents to the recipients, but the documents are too large or there are multiple copies of the documents, so the senders used file hosting or storage website, Dropbox, to share the documents. The fake email messages then state that the recipients should click on a link within the same email messages in order to view the same documents. But, the links go to a fake or phishing Dropbox website, where the recipients will be asked to sign-in with their Google, Hotmail, Yahoo, AOL or other email providers’ username and password.
A Sample of the Dropbox Phishing Email
From: Emily Cline ecline3@elon .edu
Date: February 29, 2016 at 10:40:09 AM EST
Subject: Document for record
I'm trying to send you documents through attachment, but it is multiple, so i had to use Drop-box to shared.
Please view [documents] and keep file for your record.
Recipients of the fake Dropbox email messages, who have already clicked on the link within the same email messages and have entered their usernames and passwords on the fake or phishing Dropbox website, should change their passwords immediately before their email accounts are hijacked by the cybercriminals who are responsible for the fake or phishing Dropbox email messages.
And, Dropbox’s website is located at https://www.dropbox.com/, so recipients of Dropbox email messages, should ensure that they are not taken other websites. If they are, someone is attempting to trick them into visiting a fake Dropbox website, with the intention of stealing their accounts’ username and password.