A multistep phishing scheme aimed at employees who process financial documents was discovered by Kaspersky. It begins with an email from the legitimate address of an auditing firm.
This initial step is intended to make the recipient less suspicious, easing them into the main fraudulent activity. Then, a notification from Dropbox follows, containing malicious links to archives. Cybercriminals have uploaded phishing files designed to steal credentials.
First, victims receive emails that appear to be from a legitimate auditing firm. These emails come from an authentic address, likely hijacked by attackers. To lower victims’ guard they use Social engineering tactics. The email prepares them to receive a Dropbox archive. “The email seems legitimate from both a human and software perspective. It contains a plausible cover story from an official audit company. It includes a disclaimer about sharing confidential information. Moreover, the email has no links or attachments and originates from a searchable company address, making it hard for spam filters to detect,” explains Roman Dedenok, a security expert at Kaspersky.
The only suspicious aspect is that the sender uses “Dropbox Application Secured Upload,” a nonexistent service. Following this email, perpetrators send an official Dropbox notification. Clicking the link reveals a blurred document with an authentication window. The document acts as a button, with its entire surface being a malicious link. Accordingly, upon clicking, users see a form requesting their corporate login and password. Cybercriminals seek to steal these credentials using this scheme.
Additionally, the attackers target and observe these instances in isolation. Kdaily detailed the scheme in a post. To stay protected, warn employees and encourage vigilance. So, here are some tips: Provide basic cybersecurity training. They subsequently conduct simulated phishing attacks to ensure employees know how to identify phishing emails. Employees should only input their work password on sites owned by their organization. Neither Dropbox nor external auditors need your work password.
As perpetrators devise sophisticated schemes to steal corporate data, implement real-time protection, threat visibility, investigation, and response solutions like Kaspersky’s Next product line.
About Author
