Subj : That Dropbox link in your inbox could be a scam To : All From : TechnologyDaily Date : Mon May 22 2023 16:00:03 That Dropbox link in your inbox could be a scam Date: Mon, 22 May 2023 14:48:31 +0000 Description: Hackers are spoofing Dropbox to deliver malware directly to people's inboxes. FULL STORY ====================================================================== Cybercriminals are abusing legitimate cloud services to make sure their malicious files make it to peoples inboxes, new research from Check Point have said. Dubbingthe practice Business Email Compromise (BEC) 3.0, the researchers said email service providers had gotten a lot better at spotting and filtering malicious emails. So in order to work around this, hackers have started using legitimate cloud services, especially those that offer free trial accounts. They would create a free account on a platform such as Dropbox, and use that service to send an email to their victim, carrying a malicious link. Given that the email would be coming from a trusted source and a known domain, email security services can do nothing but let the message reach the inbox. Abusing filesharing services In an example, Check Point said the attackers would create a malicious file and host it on Dropbox. They would then use the platforms built-in sharing feature to email the link to the malicious file to their victims. As theres nothing malicious about the email itself, the message would make it into the victims inbox. If the victim opens the file, they would be prompted with a login form asking for their email address and password. In this, first step, the victims would already be giving their Dropbox credentials to the attackers. In the next step, the attackers would redirect the victim to a malicious URL, where theyd be asked for their OneDrive login credentials, as well. Read more > Dropbox wants to cut down on the number of apps you use at work > What is phishing and how dangerous is it? > These are the best firewalls right now So the hackers, using a legitimate site, have created two potential breaches: They will get your credentials and then potentially induce you to click on a malicious URL, the researchers explained. Thats because the URL itself is legitimate. Its the content on the website thats problematic. Youll see the hackers mocked up a page that looks like OneDrive. When clicking on the link, users are given a malicious download. As usual, the best way to protect against email-borne attacks is to use common sense and not click on unexpected and suspicious links and email attachments. Here are the best ID theft protection services around ====================================================================== Link to news story: https://www.techradar.com/news/that-dropbox-link-in-your-inbox-could-be-a-scam --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .