Fake Dropbox login page steals personal details

Posted: 22/10/2014

RPS asks: do you use Dropbox for your personal files or for work? If you do, read on to avoid being scammed.

An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox.

The fake login page is hosted on Dropbox's user content domain and is served over SSL; the credentials entered are sent, also over SSL, to a PHP script on a compromised web server, according to a Friday Symantec post, which notes that submitting credentials without SSL would trigger a browser security warning.

The PHP script redirects victims to the real Dropbox login page after their usernames and passwords are entered, the post indicates, adding that it is not just Dropbox credentials the attackers are after: the phony login page also includes logos for popular web-based email services, implying that recipients can log in with those credentials as well.

The attackers did not serve certain resources on the page (such as images or style sheets) over SSL, according to the post, which explains that loading non-SSL resources on a page served over SSL prompts mixed-content warnings in newer versions of certain browsers.
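The two traits described above (a login form that posts credentials to a host other than the one serving the page, and plain-http resources on an https page) can be checked automatically on a captured copy of a suspicious page. The following is an added example, not code from the article or from Symantec; the hostnames and the sample HTML are constructed placeholders.

```python
# Added heuristic: flag credential forms that post off-site and http:// subresources on an https page
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _LoginPageParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_actions = []   # action of every form that contains a password field
        self.resources = []      # src/href of images, scripts and style sheets
        self._action, self._has_password = None, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._action, self._has_password = a.get("action", ""), False
        elif tag == "input" and a.get("type", "").lower() == "password":
            self._has_password = True
        elif tag in ("img", "script") and a.get("src"):
            self.resources.append(a["src"])
        elif tag == "link" and a.get("rel", "").lower() == "stylesheet" and a.get("href"):
            self.resources.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.form_actions.append(self._action)
            self._action = None


def analyse_login_page(page_url, html):
    """Return (offsite_post_targets, insecure_resources), both as absolute URLs."""
    p = _LoginPageParser()
    p.feed(html)
    page = urlparse(page_url)
    # A password form whose action resolves to another host is the exfiltration pattern described above
    offsite = [u for u in (urljoin(page_url, a) for a in p.form_actions)
               if urlparse(u).hostname != page.hostname]
    # Mixed content: plain-http subresources on an https page trigger browser warnings
    insecure = [u for u in (urljoin(page_url, r) for r in p.resources)
                if page.scheme == "https" and urlparse(u).scheme == "http"]
    return offsite, insecure


# Constructed sample modelled on the lure described in the article; hostnames are placeholders
SAMPLE_URL = "https://user-content.filehost.example/s/abc/login.html"
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="http://cdn.example/style.css"></head>
<body><img src="http://cdn.example/logo.png">
<form method="post" action="https://compromised-site.example/dbx/auth.php">
<input name="email"><input type="password" name="pass"><input type="submit"></form>
</body></html>"""
```

Running `analyse_login_page(SAMPLE_URL, SAMPLE_HTML)` reports the off-site PHP target and both http resources; a legitimate page whose form posts to its own host and loads everything over https yields two empty lists.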

Thanks to the original article: http://www.scmagazine.com/phony-dropbox-login-page-steals-credentials/article/378244/ posted on 20 Oct 14.
