
Dropbox Users: Beware New Phishing Attack



Users of the popular Dropbox file-sharing service should beware a new phishing attack with potentially costly consequences. Cyber criminals have been distributing emails that use links to Dropbox files to deliver malware.


The emails dupe users into thinking that they are receiving a fax or other legitimate document. If the user clicks the link, they are directed to Dropbox to download a .zip file that contains malware disguised as a screen saver. The malware proceeds to encrypt files on the user’s computer, then launches a page demanding that $500 in Bitcoins be deposited to the criminals’ electronic wallet. If the user fails to do so after a certain amount of time, the ransom doubles to $1,000.


Security firm PhishMe estimates that, as of June 6, victims had had up to 20,000 files encrypted, and the criminals had collected at least $62,000. The firm discovered the scam after about 20 of its 50 employees received the phishing messages. The attack does not exploit any sort of weakness in Dropbox.

The attack is similar to the Cryptolocker Trojan horse — malware so nasty that the U.S. Computer Emergency Response Team (US-CERT) issued an alert warning of an increasing number of infections. Cryptolocker is also spread via phishing emails designed to look as if they come from legitimate businesses, or through phony UPS and FedEx tracking notices. Typically, the emails have a malicious attachment in the form of a .zip file that contains an executable program disguised as a PDF. One Cryptolocker variant also demands payment in Bitcoins.

The Dropbox scam and other Cryptolocker variants belong to a class of malware known as ransomware. Some forms of ransomware use popup messages claiming that the government or police have been monitoring your computer use and that you have violated some law. All of these schemes demand payment in order to restore your files or unlock your computer.

Victims of any malware attack should immediately disconnect their computers from wired or wireless networks in order to stop the infection from spreading. More importantly, organizations should take these steps to prevent an attack:

  • Inform users about the seriousness of these threats and remind them to never click links or download files from any unknown or suspicious sources.
  • Ensure that antivirus software is current and all systems and applications have the latest security patches.
  • Configure the network firewall to prevent executable programs (including screen savers, which Microsoft treats as executables) from being downloaded.
  • Utilize email and web filtering defenses.
  • Configure PCs and servers to control the damage from this threat — for example, use role-based folder permissions to stop an infected PC from encrypting other users’ files.
  • Implement a reliable backup system for all data stored within the organization, and ensure that files can be recovered quickly if needed.
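
As an illustration of the filtering steps above, the following added example (not code from ICG or PhishMe) shows the kind of check an email or web filter can apply to a downloaded .zip: it flags members with executable extensions such as .scr, double extensions such as .pdf.exe, and files whose content starts with the Windows "MZ" executable header despite a harmless-looking name. The function names, extension lists and sample file names are assumptions made for the example.

```python
import io
import zipfile

# Extensions Windows runs as programs; a .scr screen saver is an ordinary executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document extensions often used as the decoy half of a double extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def name_extensions(name):
    """Return the lowercased extensions of a member name, e.g. ['.pdf', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    # Empty parts are dropped so a trailing dot ("a.exe.") cannot hide the extension.
    return ["." + part for part in base.split(".")[1:] if part]


def scan_zip(data):
    """Return (member_name, reason) findings for a zip archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = name_extensions(info.filename)
            if exts and exts[-1] in EXECUTABLE_EXTS:
                decoy = len(exts) > 1 and exts[-2] in DECOY_EXTS
                reason = "double extension" if decoy else "executable extension"
                findings.append((info.filename, reason))
                continue
            # Name looks harmless: check the content for the PE/DOS "MZ" magic.
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    findings.append((info.filename, "PE header, misleading extension"))
    return findings


def build_sample():
    """Constructed sample archive; member contents are inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_0612.scr", b"MZ" + b"\x00" * 16)
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 16)
        zf.writestr("tracking.pdf", b"MZ" + b"\x00" * 16)
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member_name, why in scan_zip(build_sample()):
        print(f"{member_name}: {why}")
```

A gateway would quarantine or block any archive for which scan_zip returns a non-empty list, and would separately reject password-protected archives, which this check cannot inspect.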

ICG is here to help you defend against these and other security threats. If you need assistance with these steps, or have any other security concerns, please contact us immediately.