Business users targeted by phishing on Dropbox

Hackers are sending out phishing emails to users trying to get them to access a file on the popular file-sharing service Dropbox. And if your users open it, your company could be in for a serious headache. 

The email tells users to download a .ZIP file, claiming it contains an invoice or incoming fax, according to PhishMe, a security vendor that received several phishing attempts. (With a name like PhishMe, it seems like they were just asking for it.)

When the file is opened, however, it infects the user's machine with ransomware similar to Cryptolocker that locks users out of their files until a $500 ransom is paid in Bitcoin.

Take too long to pay, and the cost goes up to $1,000 to access your own files.

It’s not clear if this attack is only targeting business users. But PhishMe received at least 20 attempts against its own users, which indicates the hackers are at the very least indiscriminately targeting personal and business computers.

What to do to prevent phishing

As always, users are your best defense against phishing attacks (after email filters, of course).

Remind users that if they get a suspicious file as an attachment or see a link they think may be malicious, it’s important to do more than just hit “delete.” They should also advise IT so you can act before other, less discerning users attempt to access the file.

You’ll also want to search for (and perhaps block) any incoming .ZIP files sent to your users. Unless you routinely exchange such files, a sudden influx of them could be a sign you’re being targeted.
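As an added illustration of that search step (this is not code from the article or from PhishMe), the following triage heuristic scores constructed mail metadata against the lure described above: a Dropbox link to a .zip, or a .zip attachment, dressed up as an invoice or fax. The message records and their addresses are invented for the example.

```python
import re
from typing import Dict, List

# Constructed sample messages (not real mail), modelled on the lure described above.
SAMPLE_MESSAGES = [
    {"id": "m1", "from": "billing@example.invalid", "subject": "Invoice #44821 attached",
     "attachments": [], "urls": ["https://www.dropbox.com/s/abc123/invoice_44821.zip?dl=1"]},
    {"id": "m2", "from": "fax@example.invalid", "subject": "Incoming fax",
     "attachments": ["fax_0021.zip"], "urls": []},
    {"id": "m3", "from": "alice@example.invalid", "subject": "Q3 slides",
     "attachments": ["slides.pdf"], "urls": ["https://www.dropbox.com/s/xyz/slides.pdf"]},
    {"id": "m4", "from": "bob@example.invalid", "subject": "Project archive",
     "attachments": ["project.zip"], "urls": []},
]

# Lure words from the campaign and a pattern for a Dropbox-hosted .zip (query string allowed).
LURE_WORDS = re.compile(r"\b(invoice|fax)\b", re.IGNORECASE)
DROPBOX_ZIP = re.compile(r"^https?://(www\.)?dropbox\.com/.*\.zip(\?.*)?$", re.IGNORECASE)


def assess(msg: Dict) -> List[str]:
    """Return the reasons a message resembles this campaign (empty list means no match)."""
    reasons: List[str] = []
    lure = bool(LURE_WORDS.search(msg["subject"]))
    zip_attach = any(a.lower().endswith(".zip") for a in msg["attachments"])
    dropbox_zip = any(DROPBOX_ZIP.match(u) for u in msg["urls"])
    if dropbox_zip:
        reasons.append("dropbox link to .zip")
    if zip_attach:
        reasons.append(".zip attachment")
    if lure and (dropbox_zip or zip_attach):
        reasons.append("invoice/fax lure with archive")
    return reasons


def severity(reasons: List[str]) -> str:
    """'high' for the full lure, 'review' for any bare .zip (the article's search-and-maybe-block step)."""
    if "invoice/fax lure with archive" in reasons:
        return "high"
    return "review" if reasons else "none"


def triage(messages: List[Dict]) -> Dict[str, str]:
    """Map message id to severity, omitting messages that need no attention."""
    result: Dict[str, str] = {}
    for m in messages:
        sev = severity(assess(m))
        if sev != "none":
            result[m["id"]] = sev
    return result
```

Messages rated "high" are the ones to pull from mailboxes and report to IT first; "review" entries are the routine .ZIP traffic you decide to allow or block per the advice above.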

Finally, as tempting as it is to give in, you may not want to buy your way out of an infected system. Although $500 may not be the difference between being in the red or the black:

  • it’s not immediately clear whether paying up will actually remove the malware or restore your files, and
  • paying could mark your organization for future, more targeted attacks.