Dropbox phishing scam uses compromised WordPress site

Dropbox users may be the target of a new phishing scam that utilizes a compromised WordPress site, according to a post Tuesday by Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums.

In the post, Ullrich, the SANS Technology Institute's dean of research, says the scam does a good job of mimicking Dropbox's overall appearance, including a Dropbox logo, and that it uses a compromised WordPress site to upload the phishing form. He then points out a few giveaways indicating that the email in fact comes from another source.

“First of all, the email is sent from "[email protected]". The domain is owned by an e-mail marketing service, and it publishes SPF records. The IP address the e-mail was sent from ( is not in's approved list,” Ullrich wrote.

Dropbox was contacted for comment, but has not yet replied.
