Exploring a Phishing Scam

March 7th, 2017

Today I received an email from a person we used professionally in the past. It contained a message about a Dropbox folder being shared with me. This was weird because I hadn’t talked to this person in years, and the documents appeared to be important.

[Image 1]

Let’s proceed with caution…

So right off the bat, Google thinks this is spam. That’s great, except about once a month it false positives and puts something I care about into the spam box. I opened the original message up to see if there was anything interesting…

[Image 2]

Now we’re getting somewhere! If you can’t tell, this was a huge block of HTML that was made to look like a real Dropbox email. Except instead of linking you to Dropbox, it linked you to this other site:

[Image 3]

Whoa! The copyright is even up to date (just kidding—it’s not 2015).

In looking at the Dropbox area source code I found this: <div id="canadaprovinces">. A Google search on that string brings up this tutorial on how to create an image slider. It’s nice to know these guys Google stuff just like the rest of us when they want to make their first phishing site.

So now I have to pick which service to use to log in. Good thing I still have a Yahoo email account!

[Image 4]

Beautiful.

I filled out the form. No, I didn’t use real info. After pressing Sign In I was redirected to a corporate website for some company. I couldn’t find any reason why it was dumping me onto this site, and it was unrelated to everything else I saw. Weird.

I tried the other login types. Each one submitted through a different form like “aol.php”. But the Google one was special. It brought me to this page:

[Image 5]

From there if you put a phone number or email address in and hit submit, it would bring you to that same company website. Super weird.

Although I didn’t fall for this scam, I could easily see how others might fall for it. Stay safe out there and be careful when you fill out login information!
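The email described above was HTML dressed up as a Dropbox notification whose link pointed at a different site. As an added example (not part of the original post), the following Python check parses an HTML body and reports links whose host is outside the domains of the brand the message claims to come from. The `BRAND_DOMAINS` allow-list, the function names and the sample HTML with its placeholder hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated brand really links to; extend per brand.
BRAND_DOMAINS = {"dropbox": ("dropbox.com",)}

# Constructed sample body (not the message from the post); hosts are placeholders.
SAMPLE_HTML = """<p>A folder was shared with you on Dropbox.</p>
<a href="http://files.example.test/dropbox/index.php">View folder</a>
<a href="https://www.dropbox.com/help">Help center</a>
<a href="https://dropbox.com.example.test/login">Sign in to Dropbox</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def brand_mismatches(html_body):
    """Return (brand, link text, host) for links that leave the claimed brand's domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in html_body.lower():
            continue  # message does not claim to be from this brand
        for href, text in parser.links:
            host = (urlsplit(href).hostname or "").lower()
            # Exact host or true subdomain only, so dropbox.com.example.test fails.
            ok = any(host == d or host.endswith("." + d) for d in domains)
            if host and not ok:
                findings.append((brand, text, host))
    return findings

if __name__ == "__main__":
    for finding in brand_mismatches(SAMPLE_HTML):
        print(finding)
```

Every off-brand link in a brand-mentioning message is reported, so legitimate third-party links will also appear and need triage.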
