Content

Dropbox phishing scam uses compromised WordPress site

Dropbox users may be the target of a new phishing scam that utilizes a compromised Wordpress site, according to a post Tuesday by Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums.

In the post Ullirch, SANS Technology Institute's dean of research, describes the scam as doing a good job mimicking Dropbox's overall appearance to include a Dropbox logo and that it uses a compromised Wordpress site to upload the phishing form. He then points out a few giveaways indicating that the email in fact comes from another source.

“First of all, the email is sent from "[email protected]". The domain smtp.com is owned by an e-mail marketing service, and it publishes SPF records. The IP address the e-mail was sent from (74.116.248.222) is not in SMTP.com's approved list,” Ullrich wrote.

Dropbox was contacted for comment, but has not yet replied.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.