Dropbox phishing scam uses compromised Wordpress site

Dropbox users may be the target of a new phishing scam that utilizes a compromised Wordpress site, according to a post by Johannes B. Ullrich on the Internet Storm Center InfoSec Community Forums.
Dropbox users may be the target of a new phishing scam that utilizes a compromised Wordpress site, according to a post by Johannes B. Ullrich on the Internet Storm Center InfoSec Community Forums.

Dropbox users may be the target of a new phishing scam that utilizes a compromised Wordpress site, according to a post Tuesday by Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums.

In the post Ullirch, SANS Technology Institute's dean of research, describes the scam as doing a good job mimicking Dropbox's overall appearance to include a Dropbox logo and that it uses a compromised Wordpress site to upload the phishing form. He then points out a few giveaways indicating that the email in fact comes from another source.

“First of all, the email is sent from "dropbox@smtp.com". The domain smtp.com is owned by an e-mail marketing service, and it publishes SPF records. The IP address the e-mail was sent from (74.116.248.222) is not in SMTP.com's approved list,” Ullrich wrote.

Dropbox was contacted for comment, but has not yet replied.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS