I received an email yesterday that ties together a lot of things we’ve talked about recently. The first is phishing schemes (pronounced just like ‘fishing’ in case you didn’t know). A phishing scheme is an email that claims to be from a legitimate source and asks you to click on a link, open an attachment, or perhaps enter your information to reset your password.

This particular email tried to pass itself off as a link to a Dropbox file. Dropbox is a cloud storage service and a very common way for businesses to move large files about. I do have a Dropbox account and sometimes exchange files via Dropbox, so in a busy work situation where lots of Dropbox files are exchanged, I can see how someone might click without thinking and fall for it.


They used the strategy of pretending to be from people and not a company or the government.


They did a pretty good impersonation of what an actual Dropbox link looks like.


Since I don’t know these people and wasn’t expecting a link, there was no way I was going to click on it. Odds are this link would take me to a site that would load up my PC with malware or possibly lock it up with ransomware. Instead of getting rid of it immediately, I did choose to right-click on the link and choose Copy link.

Any of the other options on the drop-down menu would be a very bad idea.


Then I pasted it in WordPad. I chose WordPad because links aren’t active in that program like they are in Word. The link isn’t even to Dropbox.


Legitimate Dropbox links start with the Dropbox site.
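The same check can be scripted for links copied out of a message. The Python sketch below is an added example, not part of the original post; it generalizes "starts with the Dropbox site" to a check on the link's host name, and the trusted-domain list and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only dropbox.com and its subdomains count
# as genuine. Extend the tuple if your organization trusts other hosts.
TRUSTED_DOMAINS = ("dropbox.com",)

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (is_trusted, host, reason) for a link copied out of an email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "", "not a parseable URL"
    if parts.scheme != "https":
        return False, host, "not an https link"
    if not host:
        return False, host, "no host name in link"
    if parts.username is not None:
        # Everything before '@' is login text, not the site being visited.
        return False, host, "text before '@' is a decoy; real host is " + host
    if not host.isascii() or "xn--" in host:
        return False, host, "internationalized host name, possible lookalike"
    for domain in trusted:
        # Exact match or a true subdomain; a bare suffix match is not enough.
        if host == domain or host.endswith("." + domain):
            return True, host, "host belongs to " + domain
    return False, host, "host is not a trusted domain"

if __name__ == "__main__":
    # Constructed sample links; none are taken from the email in this post.
    samples = [
        "https://www.dropbox.com/s/constructed123/report.pdf",
        "https://dropbox.com.files.example.net/s/constructed123",
        "https://www.dropbox.com@files.example.net/view",
        "https://fake-dropbox.com/viewdocs",
        "http://www.dropbox.com/s/constructed123",
    ]
    for link in samples:
        ok, host, reason = check_link(link)
        print(("OK      " if ok else "SUSPECT ") + link + " -> " + reason)
```

A passing result only means the link points at the expected site; an unexpected message from strangers is still a reason not to open it.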


My next important step is to report this message as a phishing scheme. Since I use Outlook online, I can click the three-dot menu icon at the top-right of the message and choose Mark as phishing.


Marking as spam or junk and blocking the sender is an option, though it’s unlikely that the shown address is actually where the message came from.

More and more often these days, scammers are targeting businesses and organizations with ransomware because they are higher-value victims. So, if you’re part of a business or a group, it’s very important that everyone knows not to click on phishing schemes like this.