Beware email appearing to come from Dropbox. A gang of hackers from China may be phishing you by sending you a fake but very authentic-looking email. If you open the document in that email, your Dropbox account will become stage number one in a two-stage attempt to use a WordPress blog as the host for malware. The details of this scheme are reported at the security education site, Dark, in the seventh paragraph from the top.

So, beware email ostensibly from Dropbox. If you receive such an email message, don’t open it! Send an inquiry to Dropbox’s customer service to confirm that Dropbox did indeed send it.



2 thoughts on “Beware Email Appearing to Come from Dropbox”

  1. A friend read this post and asked whether it would be best to warn folks to cease using Dropbox. Here was my reply to her:

    No, Dropbox is a tremendously useful app. However, users need to be made aware that they can be phished from any number of directions. All the phisher needs to do is simulate the look and authority of a service, which they can easily do by grabbing images and official info from the web. People need to beware any communication that tries to gain access to their Dropbox account, such as a directive to visit a web page to reset a password or to confirm one’s profile, etc. If people have any doubt about the genuineness of a communication, they should do a Google search using a key phrase that describes the nature of the communication. Web-savvy, geeky people who become aware of a phishing attempt routinely publish about it, or even faster, they tweet about it (and tweets, brief as they are, are indexed by Google web crawlers). So, if there is anything phishy about the communication, other users have likely discovered that and published a warning. That’s why it’s so important to be suspicious, and to Google to see whether anyone is aware of a hacking attempt. Another more time-consuming route would be to email or call customer service at Dropbox. Thanks for asking!

  2. Thank you for your message which so aptly applies to other applications in use. I generally confirm the source of emails that are suspicious or don’t open them at all. I will pass this information on to my network.
