Dropbox is a popular file-sharing service many use to share photos, files, and documents. In this week’s scam, cybercriminals are using this service to try to steal your Microsoft user credentials. They use Dropbox to send you an email that appears to come from “Human Resources.” The email states that a document containing salary and health insurance information has been shared with you.
The email is a real email from Dropbox, and it contains a link that will allow you to access the document. The document also contains realistic Microsoft branding, which makes this scam particularly convincing. However, if you click the link in the document, you’ll be taken to a fake Microsoft OneDrive page. If you enter your login information here, you won’t actually be able to update your health insurance information. Instead, the cybercriminals will have stolen your credentials!
Follow these tips to avoid falling victim to a phishing scam:
- An email could be fake even if the sender’s email address is from a trusted domain. Cybercriminals can gain access to trusted domains to make their scams more believable. When in doubt about the legitimacy of an email, follow your organization’s email reporting policy.
- Before you click any link, always hover your mouse over it. Watch out for suspicious URLs that can hide a website’s true domain.
- Never click a link in an email that you aren’t expecting. If you have doubts about an email your organization supposedly sent, always confirm it is legitimate before clicking any links.