Dropbox phishing scam uses compromised WordPress site

Dropbox users may be the target of a new phishing scam that utilises a compromised WordPress site, according to a post Tuesday by Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums.

In the post, Ullrich, the SANS Technology Institute's dean of research, says the scam does a good job of mimicking Dropbox's overall appearance, including a Dropbox logo, and that it uses a compromised WordPress site to upload the phishing form. He then points out a few giveaways indicating that the email in fact comes from another source.

“First of all, the email is sent from 'dropbox@smtp.com'. The domain smtp.com is owned by an e-mail marketing service, and it publishes SPF records. The IP address the e-mail was sent from (74.116.248.222) is not in SMTP.com's approved list,” Ullrich wrote.
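The SPF check Ullrich refers to can be reproduced offline. The following is an added example, not code from the article or from SANS: the records in `ZONE` are constructed for illustration and are not smtp.com's real policy, `check_spf` and `ZONE` are hypothetical names, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed SPF records for illustration; NOT smtp.com's real published policy.
ZONE = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.sender.example ~all",
    "_spf.sender.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, zone=ZONE, depth=0):
    """Evaluate an SPF record left to right for the connecting IP (RFC 7208 subset)."""
    if depth > 10:  # loop guard; approximates RFC 7208's limit of 10 DNS lookups
        return "permerror"
    record = zone.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = check_spf(value, client_ip, zone, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # an included "fail" is simply "no match"
        elif name == "all":
            matched = True
        else:
            return "permerror"  # a, mx, exists, redirect= are out of scope here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    # Sending IP quoted in the article, checked against the constructed policy.
    print(check_spf("sender.example", "74.116.248.222"))
```

A receiving mail server performs the same evaluation against the envelope sender's domain, fetching the record from DNS instead of a dictionary.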

Dropbox was contacted for comment, but has not yet replied.

This story first appeared on SCMagazine.com. 
