The latest phishing scam targets credentials for email services by tricking users into believing that they have received an email containing confidential documents that can be downloaded via the Dropbox application.
Scammers Target Credentials for Various Webmail Services
The scam mail contains a link that leads to a web page with logos for a number of webmail services like Yahoo, Outlook, Gmail and others. In order to access the important documents, the user is asked to login. As the victim clicks on each of the logos, he gets redirected to a fake login page for the particular provider, and the entered data gets automatically transferred to the attackers.
The cyber criminals also target credentials for less popular email services.
Users, who have activated 2FA for the services are safe from the scam.
Suspicious Email Access Reported by Some Services
Some web services are designed to send notifications in case suspicious account access is detected. If someone logs in from a different IP or location, the services provide a link for changing the password.
The scheme is well known, and the only thing that the crooks change is the content of the email in order to fit the latest trends. In this particular scam, they follow a classic pattern: vague details about the body of the message and quite an urge to follow the provided link.
Users are advised to inspect such messages carefully and look for giveaway signs. Legitimate services address their clients by the name they have entered upon registration.