That Dropbox link in your inbox could be a scam

data privacy
(Image credit: Shutterstock / Zeeker2526)

Cybercriminals are abusing legitimate cloud services to make sure their malicious files make it to people’s inboxes, new research from Check Point have said.

Dubbingthe practice Business Email Compromise (BEC) 3.0, the researchers said email service providers had gotten a lot better at spotting and filtering malicious emails. 

So in order to work around this, hackers have started using legitimate cloud services, especially those that offer free trial accounts. They would create a free account on a platform such as Dropbox, and use that service to send an email to their victim, carrying a malicious link. Given that the email would be coming from a trusted source and a known domain, email security services can do nothing but let the message reach the inbox.

Protecting your business from the biggest threats online

Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?) 

Abusing filesharing services

In an example, Check Point said the attackers would create a malicious file and host it on Dropbox. They would then use the platform’s built-in sharing feature to email the link to the malicious file to their victims. As there’s nothing malicious about the email itself, the message would make it into the victim’s inbox.

If the victim opens the file, they would be prompted with a login form asking for their email address and password. In this, first step, the victims would already be giving their Dropbox credentials to the attackers. In the next step, the attackers would redirect the victim to a malicious URL, where they’d be asked for their OneDrive login credentials, as well.

“So the hackers, using a legitimate site, have created two potential breaches: They will get your credentials and then potentially induce you to click on a malicious URL,” the researchers explained. “That’s because the URL itself is legitimate. It’s the content on the website that’s problematic. You’ll see the hackers mocked up a page that looks like OneDrive. When clicking on the link, users are given a malicious download. “

As usual, the best way to protect against email-borne attacks is to use common sense and not click on unexpected and suspicious links and email attachments.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.