Using a Dropbox Transfer page, this new scam presses all the urgency buttons while eluding detection as being malicious in an effort to steal the victim’s online credentials.
It seems like Microsoft (formerly Office) 365 credentials are a cybercriminal currency, as everyone wants them to perpetuate scams. So, it’s no surprise to see that this scam ends with a look-alike web page (in this case using a Google form) attempting to trick the victim user into giving up their Microsoft 365 logon details.
What makes this scam pretty impressive is a few details:
- It’s using the idea of attaining pandemic relief as the source of urgency
- It’s using a known source of U.K. government funding (the Small Business Grants Fund)
- It uses a link to a PDF under the guise of filling out a form to receive the relief – something most people are expecting to need to do in one fashion or another
- It puts a supposed expiration deadline on the link to increase urgency
- It uses Dropbox Transfer to take victims to a legitimate transfer page where the PDF resides – this is the crafty part; there’s nothing malicious about this step, so security solutions don’t have a problem with it.
But there are a few details that make it obvious that this is a scam:
.png)
- The sender is a Dropbox no-reply email address (not a U.K. government domain)
- The email isn’t expected – a major red flag
- The user experience of opening a PDF and then being taken to logon to your Microsoft 365 account (there’s no real-world use case where this would happen)
So, while this is a relatively decent example of a phishing scam, users that have undergone Security Awareness Training will have scrutinized the last set of details and easily spotted that this email – at a minimum – looks suspicious and should be ignored.
Here's how it works:
