Dropbox phishing scam uses compromised Wordpress site

Dropbox users may be the target of a new phishing scam that utilises a compromised Wordpress site, according to a post Tuesday by Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums.

In the post Ullirch, SANS Technology Institute's dean of research, describes the scam as doing a good job mimicking Dropbox's overall appearance to include a Dropbox logo and that it uses a compromised Wordpress site to upload the phishing form. He then points out a few giveaways indicating that the email in fact comes from another source.

“First of all, the email is sent from 'dropbox@smtp.com'. The domain smtp.com is owned by an e-mail marketing service, and it publishes SPF records. The IP address the e-mail was sent from (74.116.248.222) is not in SMTP.com's approved list,” Ullrich wrote.

Dropbox was contacted for comment, but has not yet replied.

This story first appeared on SCMagazine.com.