Ideal for users who work in a team, Dropbox is the place where all their team’s content comes together. It is the world’s smartest workplace, helping team members cut through the clutter and surface the things that matter most. Users can store their files in a safe place and access them through a computer, phone, or tablet. They need to log in to Dropbox, and all the changes they make will sync across all the accounts. Dropbox makes team management super simple. Team members can send an e-mail to Dropbox and keep their projects moving forward.
How Do Dropbox Hackers Carry Out Dropbox E-Mail Spam?
For users who use the file hosting service Dropbox, it is prudent to keep a vigilant eye on fake e-mail notifications. These notifications claim that you have new Dropbox messages. The fraudulent Dropbox e-mails are cleverly designed to steal your account information.
Upon clicking the links embedded in the Dropbox spam e-mails, users get redirected to what looks like a Dropbox login page. They are asked to enter their login credentials on this carefully replicated Dropbox homepage. Once the hackers gain access to the users’ login credentials, a sea of opportunities opens up for them:
- They can hijack the e-mail account and use it to conduct scam, spam and malware campaigns in the user’s name.
- They can also use the stolen login credentials for gaining access to linked services such as app stores and online file storage.
- They can view and download personal files which the victim has stored.
- They can conduct fraudulent transactions in the name of the victim.
- They can gather enough information about the victim to steal their identity altogether.
Hybrid Dropbox Malware Attacks
Hackers don’t always send Dropbox phishing e-mails only to gain unauthorized access to Dropbox credentials. A closer look at Dropbox phishing e-mails reveals that they can be hybrid attacks meant to compromise other user credentials as well. Consider the following Dropbox phishing attempt.
A user received a Dropbox e-mail which offered a Dropbox invite to an Excel file. The landing link in the e-mail pretended to use an HTTPS connection, which it achieved by using sub-domains. Since most people consider HTTPS websites to be safe, the link looked trustworthy. The Excel icon in the e-mail launched the browser and took the victim to a fake website. The user landed on a MyDropbox Login page, where the hackers harvested the username and password twice. The page then sent the user on to the legitimate Microsoft site.
When investigators analyzed the link carefully, it turned out to be a fake Office 365 e-mail. It was cleverly designed to compromise the Microsoft credentials of the victim, in addition to the Dropbox credentials.
How To Safeguard Yourself From Falling Prey To Dropbox Phishing Scams?
While recent years saw a rapid increase in users switching to cloud file-sharing platforms, there has also been a massive jump in Dropbox e-mail scams. Users can take the following steps to safeguard themselves from a Dropbox e-mail hack:
- If the user receives an e-mail which seems to be from Dropbox saying, “Somebody wants to share a file”, they should log in to Dropbox from the browser. It is a better choice than clicking on the link directly to view the shared data. Otherwise, the link may redirect the user to a fake Dropbox login page built to obtain their credentials.
- The hackers use sub-domains to spoof HTTPS. Lately, they are also registering for free SSL certificates. Hence, the time-tested precaution of trusting websites with an HTTPS tag is not useful anymore. Users must slow down and confirm the legitimacy of the source. If it is found to be illegitimate, it’s prudent to play it safe and avoid opening any attachments or clicking on any links.
- Another solution is to check whether these links are sent by verified, genuine email addresses or not. Users can consider using email verification tools for this purpose, to avoid opening such emails in the first place.
- It is prudent to use strong passwords, and users must choose a different password for every service. Using two-step verification for the Dropbox account helps users safeguard themselves from Dropbox e-mail scams. For users who use the Dropbox application on their mobile, it is advisable to set a passcode for the app.
- If users suspect they have received a Dropbox e-mail virus, they can report it by sending an e-mail to abuse@Dropbox.com. They can also report any phishing attempt which impersonates other Dropbox services. For browser blocking, users can also report malicious links to Internet Explorer or Safebrowsing.
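The sub-domain trick described above can be checked mechanically. The following Python code is an added example, not part of the original article: it extracts the links from an HTML e-mail body and accepts a host only if it is dropbox.com itself or a sub-domain of it. The allowlist, the function names and the `.example` hosts in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: dropbox.com is the only domain treated as genuine here.
TRUSTED_DOMAINS = ("dropbox.com",)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted_host(host):
    """True only if host IS a trusted domain or a sub-domain OF it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def classify_link(href):
    parts = urlsplit(href)
    host = parts.hostname or ""
    if is_trusted_host(host):
        # HTTPS alone proves nothing, but its absence is still a red flag.
        return "ok" if parts.scheme == "https" else "suspicious: not HTTPS"
    if any(d in host for d in TRUSTED_DOMAINS):
        # The trusted name appears, but only as a label of another domain.
        return "suspicious: look-alike host"
    return "suspicious: untrusted host"

def audit_email_html(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(h, t, classify_link(h)) for h, t in collector.links]

# Constructed sample body; the .example hosts are placeholders.
SAMPLE_HTML = """
<a href="https://www.dropbox.com/home">Open Dropbox</a>
<a href="https://dropbox.com.files-share.example/login">View Excel file</a>
<a href="https://files-share.example/doc">Shared document</a>
"""
```

Calling `audit_email_html(SAMPLE_HTML)` flags the second link even though it uses HTTPS and begins with `dropbox.com`, because the host name ends in a different domain.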
What To Do If The Files Get Corrupted Or Renamed By Dropbox Malware?
If your account is affected by a Dropbox e-mail virus, you can take the following steps to restore its safety:
- Unlinking The Device From Dropbox: Users can start by unlinking the infected device from the Dropbox account. There is also an option for unlinking all the devices if the user is unsure which machine is infected.
- Restoring The Desired Files And Folders:
  - Go to the file’s version history page.
  - Select the version of the file before the Dropbox e-mail hack.
  - Click Restore.

  For restoring a large number of infected files:
  - Use Dropbox Rewind to take the entire account or folder to the point of time when the Dropbox e-mail spam occurred.
  - Only Dropbox Plus or Professional users can avail this facility.
  - Users can also contact Dropbox support to help restore.
- Re-linking The Device: Before re-linking, make sure your device is free from any malware. Additionally, delete the previously encrypted files in the Dropbox folder. It is easy to re-link an already linked device with Dropbox. Users need to sign back in through the Dropbox login application on their device. Primary users can connect up to three devices with their Dropbox account.
While being the world’s smartest workplace, Dropbox has its downsides too. Attackers often look for ways to steal passwords, e-mail addresses, credit card details, and other sensitive information of Dropbox users. Hence, it is prudent for users to stay vigilant and upgrade their email security posture in the face of such Dropbox phishing scams.