If you’ve been following the news, there was a recent phishing scam going around that was involving a number of Google Docs users. (If you’re not familiar with this story, check out this post by US-CERT). Fortunately, I didn’t receive that phishing attempt message myself.
However, there now seems to be a similar phishing attempt going around, but this time it involves Dropbox. A number of sites have stories on the Google Docs scheme, but as of this writing, I haven’t seen very much involving this particular Dropbox scheme. In the email I received, there were a couple of giveaways that stood out to me:
- I wasn’t expecting any sort of shared document from the sender. Even though she’s in my contact list and is someone I do communicate with, it wasn’t something we had previously discussed.
- This one is probably the most obvious, but the From: and To: email addresses were the same. Even though I received the email, MY email address wasn’t listed in the To: field.
- It was sent to the wrong email address. Although this email address was once associated with Dropbox at one time, it isn’t any more. If this was legit, it would’ve gone to another email address.
- If I hovered over (not clicked) the “Secured Document” link, I could clearly see that it wasn’t going to a Dropbox URL.
- At this point, it was pretty obvious to me that this was an attempted phishing email, but I even reached out to the “sender” of this email to see if she had sent it. Her response back made it clear that she hadn’t sent this out.
Here’s a screenshot of what the email looks like. Remember to stay vigilant and question emails like this, especially when it’s not something you were expecting to receive!