I became one of the Dropbox phishing victims last week, and it sent you a scam email. I am sorry about it. Please do not open it, and delete the email from me saying “I used dropbox to share a file with you!” I did not send the email to you. It was a scam by a hacker. It takes your email and Dropbox login information, steals your email contacts and sends the same email to all of them. I lost most of the email addresses in my Google contact list, and lost most of the phone numbers in my cell phone. If you opened it and typed in your email address and password for Google Mail or Dropbox after opening the scam link, you should change your passwords (Google and Dropbox). And please advise your email contacts about this attack.
See the following articles.
Ken Kim
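Last week I received an email from my friend Steven for the first time in a very long while (10 years or so?). The message was simple: "I put a file on Dropbox, so take a look." I was so glad to hear from him that I opened it, but it would not open. It then asked me to enter my Dropbox username and password, so I thought, "Ah, right, I have to enter the password for it to open," and entered the password. After that I stepped out for a moment, then turned the computer back on and opened my email (Gmail), and it asked me to enter my password. I entered my username and password once more. But this was a hacker's scam. It was a cunning way of stealing my username and password by setting up a fake Dropbox login page and a fake Gmail log-in page. This hacker opened my email at will and took all the email addresses and phone numbers in my contact list. He then sent the same pleading email, "I put a file on Dropbox, so take a look," to all of those addresses. If you receive an email like this from me or from anyone you know, do not open it; delete it, let the sender know (the sender does not know that they sent this Dropbox email) and tell them to change their email password right away, because there may be bank account information in their email.
The email addresses (computer) and phone numbers (cell phone) that they took are all lost, so I have to find them and enter them again.
I am sorry for the harm caused by my mistake.
Sincerely, 김근래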
Dropbox Phishing ... Google Drive Scam Takes Information
While the Dropbox scheme is stealing money, the Google Drive scam is designed to steal the user’s login information. Victims of this scam receive an email stating there are documents ready. The link takes them to the Google Drive’s site and they enter their log in information. The page that victims are directed to, while on the Google network and using the same SSL encryption, is not actually the log in page. This is how the perpetrators are able to steal sensitive user information.
The site is a near perfect replica of the actual Google login page, easily fooling any user. However, there is a glitch that can help visitors keep from becoming victims. There is a dropdown list in the corner that allows the language on the page to be changed. The list has question marks on both sides, and sometimes in the middle, of the options.
[Image: Google Drive Dropdown. Image credit: Zero Security]
The difference is caused by a possible corruption when the phishers converted the copy. Instead of being a UTF-8 character encryption, it is now an ISO-8859-1. Because pages display differently on different browsers and in different parts of the world, the list is often overlooked. Those who have noticed it may have thought the browser had problems displaying the page.
Both the Google Drive and Dropbox phishing scams are relatively new. As always, the best way users can protect themselves is not opening anything suspicious. If the recipient is not expecting documents or faxes, do not go to these sites without verifying with the supposed sender of their authenticity. Google customers can also enable a two-step verification process to help protect their accounts. Be sure to leave us your thoughts on these new scams.
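The dropdown glitch described in the article above can be reproduced and checked offline. This is an added example, not code from the quoted article: the sample language names, the direction marks assumed around them and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample: language names as a UTF-8 page might carry them.
# Assumption: each name is wrapped in U+202A/U+202C direction marks.
GENUINE_OPTIONS = [
    "\u202aDeutsch\u202c",
    "\u202aEnglish\u202c",
    "\u202a\u010ce\u0161tina\u202c",       # Czech, two non-Latin-1 letters
    "\u202a\u65e5\u672c\u8a9e\u202c",      # Japanese, no Latin-1 letters at all
]

def build_page(options):
    items = "".join(f"<option>{o}</option>" for o in options)
    return f"<html><body><select>{items}</select></body></html>"

def lossy_copy(page: str) -> bytes:
    """Simulate a UTF-8 page re-saved as ISO-8859-1: every character
    without a Latin-1 code point is replaced by '?'."""
    return page.encode("iso-8859-1", errors="replace")

class OptionText(HTMLParser):
    """Collect the visible text of every <option> element."""
    def __init__(self):
        super().__init__()
        self.in_option = False
        self.options = []
    def handle_starttag(self, tag, attrs):
        if tag == "option":
            self.in_option = True
            self.options.append("")
    def handle_endtag(self, tag):
        if tag == "option":
            self.in_option = False
    def handle_data(self, data):
        if self.in_option:
            self.options[-1] += data

def damaged_options(raw: bytes, charset: str):
    """Return option labels containing '?' or U+FFFD, the residue of a
    lossy charset conversion or of decoding with the wrong charset."""
    parser = OptionText()
    parser.feed(raw.decode(charset, errors="replace"))
    return [o for o in parser.options if re.search(r"[?\ufffd]", o)]

if __name__ == "__main__":
    page = build_page(GENUINE_OPTIONS)
    print(damaged_options(page.encode("utf-8"), "utf-8"))
    print(damaged_options(lossy_copy(page), "iso-8859-1"))
```

A hit from this check is only a triage signal that a page was re-encoded after it was authored; a clean result says nothing about whether a login page is genuine.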
- http://blog.malwareb...-drop
June 23 2014 - "It’s after your email usernames and passwords. All of them if possible, actually.
Screenshot: http://cdn.blog.
We suggest that you forget about the image you wanted to see that resulted in this page loading up and -close- the browser tab immediately. As those who are familiar with phishing know, the only end result for anyone who willingly (albeit unknowingly) hands over their digital keys to the wrong hands is more trouble. From the interface, we can infer that this -phishing- campaign placed priority into getting credentials from Yahoo!, Gmail, Hotmail, and Aol email users. Clicking each logo on the page displays a little window where one can provide their login details.
> http://blog.malwareb...
Clicking the green “Sign In” button leads users to the default login pages of these email services. If one happens to use the same user name and password combination across his/her online accounts, from cloud storage sites like Dropbox to digital libraries, emails and social networks (clearly a bad practice we should stop doing), it’s highly likely that more than one account would get compromised with just a single phishing campaign. Several security vendors flag this page as malicious as well since they detect a script in it as equally malicious. Furthermore, we found that the domain where this page is hosted [an official website of a company that is into the trading and wholesale of alloy wheels and accessories] was -hacked- and defaced in January this year. We can only assume that either the security issues surrounding the website have not been fully addressed or the issues were never mitigated..."