
Dropbox Hit With Phishing Attack; Accounts Accessed

Published: January 27, 2023 in our Security Fraud News & Alerts Newsletter.



A Dropbox phishing attack happened recently. It was carried out by someone impersonating the code delivery platform CircleCI, using code that Dropbox had stored in GitHub. The number of victims was limited, but Dropbox decided to put out a message about how it is dealing with the incident. The attackers sent people to a fake login page that captured their details. According to Dropbox, nobody had their Dropbox files accessed, but there could be more phishing attempts because the intruders may have obtained email addresses related to accounts.


The best way to avoid getting in hot water is to ensure you have multifactor authentication (MFA) enabled whenever it’s available to you. Next, make sure you keep your multifactor authentication codes to yourself at all times.





While we’re here, let’s talk a bit about MFA types. MFA is a second way to verify login credentials. Often it means receiving a text message with a one-time password (OTP) that you enter into the page. Other times, you use some form of biometric identifier. Other ways to accomplish this are key fobs with randomly generated codes or a hardware “key.” Any of these is an added layer of protection for your accounts, but if you have the option to choose, the text or email code is the least secure. You see, attackers can now intercept those. In this case, they have some email addresses where some codes go. This is why being on top of phishing lures is critical to your online safety.


Even if an email looks legitimate, don't give the sender the authentication information they ask for, or they may be able to access your account. Also be wary of email messages containing links that look suspicious. Always look carefully at where a link is taking you because it could very well be a phishing attack in disguise.
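The link check described above can be partly automated. The following is an added example, not code from Dropbox or from this newsletter: it parses an HTML email and flags links whose real host differs from what the text shows. The `EXPECTED` domain list, the function names and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: the real domains of the services named in the article.
EXPECTED = ("dropbox.com", "circleci.com", "github.com")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    # Exact match or true subdomain; "circleci.com.login.example.test" fails.
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    url = urlparse(href)
    host = (url.hostname or "").lower()
    reasons = []
    if "@" in url.netloc:
        reasons.append("userinfo before '@' hides the real host")
    if not any(belongs_to(host, d) for d in EXPECTED):
        reasons.append("host is not an expected domain: " + host)
    for d in EXPECTED:  # text names a real service, link goes elsewhere
        if d in text.lower() and not belongs_to(host, d):
            reasons.append("text shows " + d + " but link goes to " + host)
    return reasons

def audit_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample message; the example.test hosts are made up.
SAMPLE = """<p>Your CircleCI session expired.
<a href="https://circleci.com.login.example.test/sso">https://circleci.com/login</a>
<a href="https://circleci.com@sso.example.test/">Sign in</a>
<a href="https://www.dropbox.com/help">Dropbox help</a></p>"""

for href, why in audit_email(SAMPLE).items():
    print(href, "->", why or "no findings")
```

An empty list only means none of these checks fired; it does not show that the message is legitimate.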



Dropbox was able to stop the issue within a very short period of time, but there is still a chance that you could end up a victim if you are not careful. If you're not sure whether something you've been sent through email is legitimate, it's best to report it to Dropbox. Even if they did send the message, you can contact them independently of the message to make sure that's the case, so you don't accidentally give a scammer your information.


Every platform has its risks, so it's wise to pay attention to technology news to see if anything you're a part of has been compromised. Make sure to change your passwords on websites on a regular basis and certainly after you’ve been notified of a data breach.
