What is Dropbox?

Remote and hybrid work environments have become more common since 2020. With the increase in remote work, companies have had to find new ways to interact and to share the files employees need to do their jobs. As more of those work interactions move online, the resources employees use to stay connected are being turned against them by bad actors.

One such option for keeping employees connected online is Dropbox. Dropbox is a file hosting service that provides cloud storage and synchronizes files across devices. It also allows users to share those files with others.


Dropbox is being used in phishing attacks  

NGT has noticed several instances of Dropbox emails being part of phishing attempts. Bad actors appear to be using stolen credentials to create Dropbox accounts in the name of the users whose information was stolen.

The actors then upload a malicious file to Dropbox and share it with as many people as possible. Because Dropbox itself sends the notification emails and reminders about shared files, the messages arrive from a genuine Dropbox sender and often pass through phishing filters, as NGT has witnessed.

Once a victim clicks the link to view or download the malicious file and gives up their credentials, the email account is compromised and a new Dropbox account is created using the victim's identity. The process then repeats: the new account shares the file with everyone in the victim's contact list.

Although the use of Dropbox by bad actors isn't new (IT professionals reported it on the IT forum Spiceworks in 2022), it is worth bringing up as a learning opportunity to discuss what can be done to protect yourself.


How would you protect yourself from such attacks? 

Enable MFA. If you accidentally click a link and enter your password, having multi-factor or two-factor authentication (MFA or 2FA) enabled on your email account helps protect you, because the stolen password alone is not enough to log in. CISA says "Activating a strong MFA is the best way that small businesses can protect their internet facing business accounts from phishing related threats." If you want to learn more about MFA, visit CISA's More than a Password MFA webpage.

Training. Being aware of the tricks phishing scams use will help you catch them before you give out credentials or click a bad link. For additional information, please refer to the phishing infographic provided by CISA. Dropbox has also said to report unknown senders who share files with you by forwarding the suspicious email to abuse@dropbox.com. Ask yourself the important questions:

  • Does this email come from inside or outside my business/company? 
  • Does the email address make sense? 
  • Do I know the person sending this email/sharing this file? 
  • Does it make sense for this person to send me this email/file?

If anything about the email makes you uneasy, you always have the option to confirm through another channel that it is genuine. Do not use the links, email addresses, or phone numbers in the suspicious email when trying to confirm.
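For network defenders who want to apply the four questions above automatically, here is a small Python triage script. It is an added example, not code from the original post or from Dropbox. The message layout, the company domain, the contact list and the regular expression that picks out who shared the file are constructed assumptions (real Dropbox notifications are laid out differently, so the pattern would need adapting); the script also checks that the "view file" link really points at Dropbox, which goes slightly beyond the checklist.

```python
"""Triage a Dropbox-style share notification against the checklist above.

Added example. The sample messages, domains and contact list below are
constructed; the header and body layout is an assumption, not Dropbox's.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed organisational context (hypothetical values).
OUR_DOMAIN = "example.com"
KNOWN_CONTACTS = {
    "alice@example.com": "Alice Smith",
    "bob@partner.example": "Bob Jones",
}
# Domains a genuine notification and its share link are expected to use
# (assumption for this example).
EXPECTED_SENDER_DOMAIN = "dropbox.com"
EXPECTED_LINK_HOSTS = {"www.dropbox.com", "dropbox.com"}

# Assumed body line: 'Display Name (address) shared "file" with you.'
SHARER_RE = re.compile(r"^(?P<name>.+?) \((?P<addr>[^)\s]+@[^)\s]+)\) shared", re.M)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def triage(raw_message):
    """Return a list of warning strings; an empty list means nothing stood out."""
    msg = message_from_string(raw_message)
    warnings = []

    # Q2: does the email address make sense? The notification itself should
    # come from Dropbox's domain; anything else is a spoof or a lookalike.
    _, sender = parseaddr(msg.get("From", ""))
    if domain_of(sender) != EXPECTED_SENDER_DOMAIN:
        warnings.append(f"notification sender {sender!r} is not @{EXPECTED_SENDER_DOMAIN}")

    body = msg.get_payload()  # constructed samples are single-part plain text
    m = SHARER_RE.search(body)
    if m:
        sharer_name, sharer_addr = m["name"].strip(), m["addr"].lower()
    else:
        sharer_name, sharer_addr = "", ""
        warnings.append("could not identify who shared the file")

    # Q1: does the share come from inside or outside the company?
    if sharer_addr and domain_of(sharer_addr) != OUR_DOMAIN:
        warnings.append(f"share comes from outside {OUR_DOMAIN}: {sharer_addr}")

    # Q3: do I know the person sharing? Match on the address, not the name.
    if sharer_addr and sharer_addr not in KNOWN_CONTACTS:
        warnings.append(f"sharer {sharer_addr} is not a known contact")
        # The pattern from the post: a familiar name attached to an unfamiliar
        # address, i.e. an account created with someone's stolen identity.
        if sharer_name in KNOWN_CONTACTS.values():
            known = [a for a, n in KNOWN_CONTACTS.items() if n == sharer_name][0]
            warnings.append(f"display name {sharer_name!r} matches known contact {known} but address differs")

    # Q4 (does this make sense?) needs a human, but the link target can be
    # checked: it should point at Dropbox, not a lookalike host.
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host not in EXPECTED_LINK_HOSTS:
            warnings.append(f"link points to unexpected host {host!r}")
    return warnings


# Constructed sample: a share from a known colleague, inside the company.
BENIGN_EMAIL = """\
From: Dropbox <no-reply@dropbox.com>
To: you@example.com
Subject: Alice Smith shared "Q3 Budget.xlsx" with you

Alice Smith (alice@example.com) shared "Q3 Budget.xlsx" with you.
View file: https://www.dropbox.com/s/example123/Q3%20Budget.xlsx
"""

# Constructed sample mirroring the post: genuine Dropbox sender and link, but
# the sharing account carries a colleague's name on an unknown address.
SUSPICIOUS_EMAIL = """\
From: Dropbox <no-reply@dropbox.com>
To: you@example.com
Subject: Alice Smith shared "Invoice.pdf" with you

Alice Smith (alice.smith@freemail-example.net) shared "Invoice.pdf" with you.
View file: https://www.dropbox.com/s/example456/Invoice.pdf
"""

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN_EMAIL), ("suspicious", SUSPICIOUS_EMAIL)):
        print(label, triage(raw) or "no warnings")
```

Note that the suspicious sample raises no warning about the sender or the link, because in the scenario the post describes both are genuinely Dropbox's; the only signals are who is doing the sharing, which is why the checklist focuses on the person rather than the notification.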

Continue to use caution when deciding what information you share on the internet. Network defenders, and anyone interested in more information about phishing, can refer to a joint report by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) that provides phishing guidance, including for small- and medium-sized businesses.

_______

NGT is hosting our Cyber Security Summit on Tuesday, September 17th!

For more information visit the link ngtnet.net/cyber-security-summit/.