New Dropbox-Based Pandemic Relief Payment Scam Targets U.K. Microsoft 365 Users, Bypassing Email Security

Using a Dropbox Transfer page, this new scam presses all the urgency buttons while evading detection as malicious, in an effort to steal the victim’s online credentials.

Microsoft 365 (formerly Office 365) credentials have become a cybercriminal currency, as everyone wants them to perpetuate further scams. So it’s no surprise that this scam ends with a look-alike web page (in this case a Google Form) attempting to trick the victim into giving up their Microsoft 365 logon details.

What makes this scam pretty impressive are a few details:

  • It’s using the idea of attaining pandemic relief as the source of urgency
  • It’s using a known source of U.K. government funding (the Small Business Grants Fund)
  • It uses a link to a PDF under the guise of filling out a form to receive the relief – something most people are expecting to need to do in one fashion or another
  • It puts a supposed expiration deadline on the link to increase urgency
  • It uses Dropbox Transfer to take victims to a legitimate transfer page where the PDF resides – this is the crafty part; there’s nothing malicious about this step, so security solutions don’t flag it.

But there are a few details that make it obvious that this is a scam:

  • The sender is a Dropbox no-reply email address (not a U.K. government domain)
  • The email isn’t expected – a major red flag
  • The user experience of opening a PDF and then being asked to log on to your Microsoft 365 account (there’s no real-world use case where this would happen)

So, while this is a relatively decent example of a phishing scam, users who have undergone Security Awareness Training will have scrutinized the last set of details and easily spotted that this email – at a minimum – looks suspicious and should be ignored.
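One way to turn the red flags above into mail-triage logic, as an added example (not code from the original post): it flags a message that claims U.K. government funding but arrives from a non-government sender, pairs that claim with a link deadline, or delivers the "form" via a file-transfer service. The allow-listed domains, transfer hosts and the three sample messages are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Assumed allow-list: funding claims are plausible only from these sender domains.
GOV_SENDER_DOMAINS = ("gov.uk",)
# Assumed file-transfer hosts a grant application form would not legitimately arrive from.
FILE_TRANSFER_HOSTS = ("dropbox.com", "dropboxusercontent.com")

GRANT_TERMS = re.compile(r"small business grants? fund|pandemic relief|covid[- ]?19 (?:grant|relief)", re.I)
DEADLINE_TERMS = re.compile(r"\b(?:expires?|expiration|within \d+ (?:hours|days)|before \w+ \d{1,2})\b", re.I)

@dataclass
class Email:
    sender: str
    subject: str
    body: str
    urls: List[str] = field(default_factory=list)

def sender_domain(addr: str) -> str:
    """Domain part of an address, lower-cased ('no-reply@dropbox.com' -> 'dropbox.com')."""
    return addr.rsplit("@", 1)[-1].strip(">").lower()

def is_gov_sender(domain: str) -> bool:
    return any(domain == d or domain.endswith("." + d) for d in GOV_SENDER_DOMAINS)

def red_flags(msg: Email) -> List[str]:
    """Return the red flags found in one message; an empty list means none fired."""
    flags = []
    text = msg.subject + "\n" + msg.body
    domain = sender_domain(msg.sender)
    claims_grant = GRANT_TERMS.search(text) is not None
    if claims_grant and not is_gov_sender(domain):
        flags.append(f"claims U.K. government funding but was sent from {domain}")
    if claims_grant and DEADLINE_TERMS.search(text):
        flags.append("funding claim paired with a link deadline (urgency pressure)")
    if claims_grant and any(h in u.lower() for u in msg.urls for h in FILE_TRANSFER_HOSTS):
        flags.append("grant form delivered via a file-transfer service, not a government site")
    return flags

# Constructed samples (not real messages): the lure, a genuine grant notice, an unrelated transfer.
LURE = Email("no-reply@dropbox.com", "Small Business Grants Fund: complete your application",
             "Fill out the attached PDF to receive your pandemic relief payment. The link expires in 48 hours.",
             ["https://www.dropbox.com/t/EXAMPLE-TRANSFER-ID"])
GENUINE = Email("grants@example-council.gov.uk", "Small Business Grants Fund: application received",
                "Your application has been received. No further action is required.")
TRANSFER = Email("no-reply@dropbox.com", "Alice sent you quarterly_report.pdf",
                 "Alice sent you a file via Dropbox Transfer. It expires in 7 days.",
                 ["https://www.dropbox.com/t/EXAMPLE-TRANSFER-ID"])

if __name__ == "__main__":
    for m in (LURE, GENUINE, TRANSFER):
        print(m.subject, "->", red_flags(m) or ["no lure indicators"])
```

Only the combination fires: a genuine Dropbox Transfer from a colleague and a genuine grant notice from a gov.uk sender both come back clean, which is the point of keying on the mismatch rather than on Dropbox alone.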

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
