This phish does a good job of appearing to come from Dropbox, even though it does not. However, you can tell it’s a phish from several details:
- The generic “Recipients” in the To field
- The lack of any mention of a specific person’s name in the greeting or information about the sharing properties of the supposed file
- Penn State has no official affiliation with Dropbox, so you would never use your Access Account to log in to their service (Penn State uses Box, instead)
- The address linked in the message is not a Dropbox URL, it is in the ankarabeyazesyaservisi.net domain and leads to a fake Dropbox login page
From: “Dropbox” <firstname.lastname@example.org>
To: “Recipients” <email@example.com>
Sent: Monday, July 25, 2016 4:07:58 PM
Subject: You have 1 document sent to you via Dropbox Shared Folder
You have 1 document sent to you via Dropbox Shared Folder
View folder below and sign in with your Penn State Access ID (***@psu.edu) and password to view the shared document
View Folder <– Link goes to a fake Dropbox login page
NOTE: You are accessing a highly secured shared documents.
– The Dropbox Team
Dropbox keeps your files safe, synced, and easy to share. To view the document, open folder and sign in with your email to continue to Dropbox.
© 2016 Dropbox