Beware Dropbox Shared File Phishing Emails

Every now and then, I get a phishing email that’s well enough crafted that it’s worth highlighting. Yesterday, I got one purporting to be from Dropbox, alerting me to a file shared by “David.” Well, I know a few Davids, so I wondered who it could be from. But then I used the standard method of checking these emails: I hovered my cursor over the button in the email to see what the link was behind it.

Dropbox phishing

As you can see above, the link went to a server in Denmark (I’ve blurred the name of the server), but the link also has http://www.dropbox.com in it, trying to trip up users who look at links.

So heed the warning: be very careful about clicking links in emails. This one probably led to a bogus Dropbox login page (the page had been removed when I clicked the link to check it), which would give up your Dropbox credentials, and potentially provide access to a lot of personal files.