Security experts are warning of two major new phishing campaigns directed at Dropbox and Yahoo users, designed to compromise email accounts and enable follow-up scams.
The Yahoo Mail attacks were first spotted around a month ago. They arrive as a simple phishing email claiming that the victim's email access has recently expired and must be restored by clicking a link.
According to Symantec, the 'Update Now' link leads to a spoofed Yahoo log-in page built to harvest the victim's username and password.
However, things then get more interesting, the AV giant explained:
“Shortly after compromising these Yahoo accounts, the scammers logged in to the affected accounts and added an alternate email address. This alternate email address was quite intriguing, as it appears that the scammers registered a copycat email address on Microsoft’s Outlook.com email service using the exact same user name as the @yahoo.com account.
To keep the victims in the dark about their account being compromised, the scammers set up a rule to forward all email messages to the copycat alternate email address and to delete these messages, leaving no trace of the messages within the Yahoo Mail inbox.”
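The two tells in Symantec's description, a copycat alternate address and a forward-everything-then-delete rule, are both mechanical enough to check for. The following is an added example written for this page, not Symantec's tooling or any Yahoo export format: the `MailboxRule` record layout, the sample addresses and the rule set are all constructed for illustration. It flags alternate addresses that reuse the owner's local part on a foreign domain, and grades forwarding rules by whether they match every message and whether they delete the inbox copy.

```python
from dataclasses import dataclass, field

# Severity rank used to order findings; assumption for this example.
SEVERITY = {
    "forward_all_and_delete": 0,       # every message forwarded, inbox copy removed
    "copycat_alternate_address": 1,    # same local part, different domain
    "forward_and_delete": 2,           # filtered forward that also deletes
    "external_alternate_address": 3,
    "external_forward": 4,             # forward kept in inbox, lowest concern
}


@dataclass
class MailboxRule:
    """One inbox rule. Field layout is an assumption, not a real export format."""
    name: str
    forward_to: list = field(default_factory=list)   # destination addresses
    delete_message: bool = False                      # remove inbox copy after forwarding
    conditions: dict = field(default_factory=dict)    # empty dict => matches every message


def split_address(addr):
    """Return (local_part, domain) in lower case; reject malformed input."""
    local, sep, dom = addr.strip().lower().rpartition("@")
    if not sep or not local or not dom:
        raise ValueError(f"malformed address: {addr!r}")
    return local, dom


def is_copycat(owner, candidate):
    """True when candidate reuses owner's local part on a different domain,
    e.g. user@yahoo.com versus user@outlook.com."""
    o_local, o_dom = split_address(owner)
    c_local, c_dom = split_address(candidate)
    return o_local == c_local and o_dom != c_dom


def audit_mailbox(owner, alternate_addresses, rules, trusted_domains=("yahoo.com",)):
    """Return (finding, detail) tuples for suspicious settings, most severe first."""
    findings = []
    for alt in alternate_addresses:
        _, dom = split_address(alt)
        if dom in trusted_domains:
            continue
        kind = "copycat_alternate_address" if is_copycat(owner, alt) else "external_alternate_address"
        findings.append((kind, alt))
    for rule in rules:
        external = [a for a in rule.forward_to if split_address(a)[1] not in trusted_domains]
        if not external:
            continue                      # forwards stay inside the trusted domain
        detail = f"{rule.name} -> {', '.join(external)}"
        if rule.delete_message and not rule.conditions:
            findings.append(("forward_all_and_delete", detail))
        elif rule.delete_message:
            findings.append(("forward_and_delete", detail))
        else:
            findings.append(("external_forward", detail))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])


# Constructed sample mailbox: one benign internal rule, one benign-looking
# external forward, and the forward-and-delete rule from the campaign description.
OWNER = "jane.doe@yahoo.com"
ALTERNATES = ["jane.doe@outlook.com"]
RULES = [
    MailboxRule("Receipts", forward_to=["jane.doe@yahoo.com"],
                conditions={"from": "store@example.com"}),
    MailboxRule("Newsletters", forward_to=["family@example.org"],
                conditions={"subject": "newsletter"}),
    MailboxRule("Rule 1", forward_to=["jane.doe@outlook.com"], delete_message=True),
]


def demo_findings():
    """Run the audit over the constructed sample mailbox."""
    return audit_mailbox(OWNER, ALTERNATES, RULES)


if __name__ == "__main__":
    for kind, detail in demo_findings():
        print(f"{kind:28s} {detail}")
```

The ordering matters in practice: a rule that matches every message and deletes the inbox copy is the one that keeps the victim unaware, so it is reported before an ordinary external forward, which many users legitimately configure.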
The phishers then used the stolen Yahoo mailbox credentials to send unsolicited messages out to the victims’ address book contacts, in the form of a classic “pretexting” scam.
Specifically, they posed as a family member, claiming there’s been an emergency and that they need to be sent some money.
Symantec urged Yahoo users to enable two-step verification, so that a phished password alone is not enough to log in to the account.
In related news, reports have emerged of fake Dropbox emails urging the recipient to click through to view ‘urgent and highly confidential’ documents.
The victim is then required to click on an email icon, after which they’ll be taken to a fake log-in page.
“This latest phishing attack is yet another product of social engineering that easily fools people into sharing login details that open the door to private information. Dropbox is vulnerable to these common attacks as it was not originally designed with enterprise security in mind,” said Ipswitch senior vice president, Alessandro Porro.