Dropbox Phishing through Compromised WordPress Sites

free essayDropbox users may have been victims of phishing through the compromised WordPress website. The security incident happened on August, 2015.The victims of the phishing attempt may have inadvertently revealed their Dropbox passwords to hackers, thinking that they were logging into their Dropbox account to enhance the security of the accounts. The phishing incident led to a massive data leakage of Dropbox. Phishers stole login credentials from a significant number of victims. Other internet users reported successful logging to the drop box accounts using the login credentials released after the phishing incident. Phishing files stored in Dropbox accounts hosted the scam. It functions primarily by replicating the Dropbox login page to such an extent that ordinary users may not realize that the website they are redirected to is a fake Dropbox login page.  The scam did not seek to phish passwords and usernames from Dropbox only; the fake login page also provided options for logging into other web-based email services such as Gmail and Yahoo mail.

Get a price quote

Victims were reported to receive an email that purported to be sent by Dropbox. The email received mimicked the appearance and general functionality of emails sent by Dropbox. The “from” address also bore the ‘Dropbox’ name in order to convince the users further: dropbox@smtp.com. The email informs the receiver that their Dropbox account requires a compulsory password update to reduce the account’s hacking risk. The email includes the word important as part of the email subject so as to enhance the emails sense of urgency and trick the victims. The email also informs the user that they can view a document containing credentials of previous victims by clicking on the link and logging into their Dropbox account.  The scammers prey on the victim’s heightened anxiety and curiosity to nudge them into clicking on the link.
Save 25% on your ORDER Save 25% on your ORDER

Exclusive savings! Save 25% on your ORDER

Get 15% OFF your FIRST ORDER (code: leader15) + 10% OFF every order by receiving 300 words/page instead of 275 words/page

The user’s choice to click on the link redirects them to a login page that looks exactly like the one used by Dropbox. The resemblance of the bogus login page and the original Dropbox login page is made possible by the fact that the Dropbox page is served over SSL, a weakness that the attackers exploited. Once the victim is on the fake login page, they are asked for their Dropbox login credentials. The attacker then records the passwords and usernames of the victims and sends the credentials to the command and control node. The phisher sends a ‘not-available’ response to the browser making the victim assume that there has been a timeout on the web page. Once the victim has entered his credentials, there is no corrective action they can take. The attacker can then store the password and username combination to attack later or sell them to another party. A potential victim could, however, avoid the scam by checking the address of the link which is bound to be substantially different from that used by Dropbox. However, few users are likely to check this before inputting their login credentials.

Our Benefits

  • English-Speaking Writers
  • Plagiarism-Free Papers
  • Confidentiality Guaranteed
  • VIP Services
  • 300 Words/Page
  • Affordable Prices

It is possible for phishing to occur through compromised WordPress websites without the owner of the site ever being aware. This particular scam utilizes WordPress sites to serve phishing pages to victims using secure security channels. By using channels that have SSL, the possibility that the browser will give security warnings to the potential victim visiting the phishing page are minimized. Despite the page being over SSL some of the content is not served over the secure SSL protocol. Some browsers may, therefore, show some subtle warnings to the user such as a change in color of the padlock on the taskbar. The warnings may, however, go unnoticed by the user and thus by the time the user realizes that phishing has occurred, the hacker has already stolen the login credentials.

How It Works

Compromised WordPress websites have been used to carry out numerous phishing scams and in spreading malware. A considerable percentage of WordPress sites run plugins that are vulnerable to external attacks by hackers. Phishers hide the phishing files in subfolders which are not linked to the main pages of the WordPress website. The attacks on the WordPress sites are, therefore, hard to detect because scanning of the WordPress site is unlikely to discover the hidden phishing files. The attacks on the WordPress websites that ultimately enable phishing attacks using the sites is attributable to software vulnerabilities of the WordPress platform and poor passwords and usernames combinations in credentials used by the administrators of the websites.

Discount applied successfully