From: “Dropbox” <firstname.lastname@example.org>
To: “Recipients” <email@example.com>
Sent: Friday, August 5, 2016 3:50:42 PM
Subject: You have 1 document sent to you via Dropbox shared folder
You have 1 document sent to you via Dropbox shared folder
Log in with your Access ID ***@psu.edu to view shared document.
View Folder <– Link leads to a fake Dropbox log-in page hosted in the boxjewelry.ru domain
NOTE: You are accessing a highly secured shared documents.
– The Dropbox Team
Dropbox keeps your files safe, synced, and easy to share. To view the document, open folder and sign in with your email to continue to Dropbox.
© 2016 Dropbox
This phish is an almost identical repeat of a phish with the same subject from last week. The signs that it’s a phish are pretty much the same:
- The generic “Recipients” in the To field
- The lack of any mention of a specific person’s name in the greeting or information about the sharing properties of the supposed file
- Penn State has no official affiliation with Dropbox, so you would never use your Access Account to log in to their service (Penn State uses Box, instead)
- The address linked in the message is not a Dropbox URL; it is in the boxjewelry.ru domain and leads to a fake Dropbox login page
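
Three of the signs above (generic recipient, campus credential requested off campus, non-Dropbox link) can be checked mechanically. The following is an added example, not part of the original advisory; the missing personal greeting is not checked. The sample message is constructed from the text above with a placeholder link path, and the function names and domain allowlists are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Constructed sample modelled on the message above; the link path is a placeholder.
SAMPLE = """\
From: "Dropbox" <firstname.lastname@example.org>
To: "Recipients" <email@example.com>
Subject: You have 1 document sent to you via Dropbox shared folder
Content-Type: text/html

<p>Log in with your Access ID ***@psu.edu to view shared document.</p>
<a href="http://boxjewelry.ru/PLACEHOLDER">View Folder</a>
"""

BRAND_DOMAINS = ("dropbox.com",)   # assumption: hosts accepted as really Dropbox
CAMPUS_DOMAINS = ("psu.edu",)      # assumption: hosts allowed to ask for the Access ID


def in_domains(host, domains):
    """True only for a listed domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def phish_signs(raw):
    """Return the warning signs from the list above found in a raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hosts = [urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', body)]
    signs = []
    # Generic "Recipients" display name in the To field (straight or curly quotes).
    if any(name.strip(' "\u201c\u201d').lower() == "recipients"
           for name, _ in getaddresses(msg.get_all("To", []))):
        signs.append("generic-recipient")
    # Asks for the campus Access ID while linking somewhere off campus.
    if re.search(r"access (id|account)", body, re.I) and \
            any(not in_domains(h, CAMPUS_DOMAINS) for h in hosts):
        signs.append("campus-credential-off-campus")
    # Claims to be Dropbox but links outside Dropbox's own domain.
    if "dropbox" in msg.get("Subject", "").lower():
        signs += ["non-dropbox-link:" + h for h in hosts
                  if not in_domains(h, BRAND_DOMAINS)]
    return signs


if __name__ == "__main__":
    print(phish_signs(SAMPLE))
```

The domain comparison matches on label boundaries, so a host such as `dropbox.com.boxjewelry.ru` is still treated as outside Dropbox.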