Yesterday a staff member received a very legitimate-looking email, from someone he knew, saying that a document had been shared with him and that he would need to sign in to see it. This is, of course, a very clever attempt to gain a person's email login information.

[Image: dropbox-phishing-screen]

The email shown above looks very legitimate, but don’t be fooled.

Things to watch out for:

  • emails that ask you to reply with your username/email and password
  • emails with links to fake login or password reset pages
  • emails with links to view or download a file from someone you don’t know
  • emails that mention a current event, entice you with a prize or deal that is too good to be true, or pretend that there’s an urgent reason for you to respond or click on a link
  • links on social network posts or comments that lead to fake login or password reset pages
  • targeted attacks that appear to be from someone you know or that include personal information to get you to respond or click on a link

This blog article looks at it in further detail.