Beware of fraudulent emails linking to shared documents

The information below was sent via email on January 25, 2016, to the IT Security Community and Frontline Notify groups.


We are seeing an increase in fraudulent messages about shared documents in Dropbox and other document sharing services. We would appreciate your help in reminding people to check links to shared documents carefully before opening them.

Phishing Emails about Shared Documents

The messages we are seeing this week:

  • Come from addresses the recipients recognize and trust (because they come from compromised accounts).
  • Tell the recipient a document has been shared with them through Dropbox.

If the recipient opens the link to the shared document, they are prompted to log in. The login screen may contain icons or other graphical elements associated with security vendors or document sharing services. If the recipient tries to log in, their password is stolen and their account compromised. Their compromised account may then be used to send phishing emails with fraudulent shared document links to all of their contacts.

Check Before Opening Shared Documents

If you receive an email telling you that a document has been shared with you, check carefully before opening the document.

  • Hover over the link to the document and check the URL. Does it look like a URL for the indicated document sharing service?
  • Are you expecting a shared document from the sender? If not, phone and ask if they sent you one.
  • Are you asked to log in on an unfamiliar screen? If so, don't log in. Phone the apparent sender and check.
  • Does your intuition tell you something is wrong? Check before you click. Phone the sender. Or phone the ITS Service Center.

Examples Are on Safe Computing

Some recent examples of fraudulent emails about shared documents are posted at Spam, Phishing, and Suspicious Email on Safe Computing:

Thank you for your help.

Sincerely,
ITS Information and Infrastructure Assurance