The Business Crime Reduction Centre (BCRC) is warning businesses and individuals about scam emails which use a link to a Dropbox file that contains malicious software (malware).
The aim is to trick a business’ employees into clicking a link to Dropbox, the online storage service.
The user is then prompted to download an ‘invoice payment’ or ‘tax return form’, that installs malware onto the victim’s computer. After the computer is infected, the malware encrypts the business’ files and demands a ransom to unlock them.
Fraudsters are using emails designed to look like they are from well-known banks such as HSBC and RBS. According to PhishMe, an anti-phishing website, the email subject matter always concerns important financial issues, such as invoice payments or tax returns.
BCRC’s cyber security specialist, Mark Connell, said: “Dropbox is being used to host malware as its name provides credibility to the scam emails. While many users are suspicious of links in emails, Dropbox is widely used in legitimate business communications. Tell-tale signs that these emails are not genuine include grammatical errors, spelling mistakes and generic greetings such as ‘Dear customer’.”
Dropbox has responded in order to combat the scam and has quickly deleted any malware files found. However, a risk remains during the window of time between the scam emails being sent and Dropbox removing the malicious files, meaning businesses should remain vigilant at all times.
BCRC, which helps business in the Yorkshire and Humber region cope with cybercrime, is warning people not to click on suspicious links in unsolicited emails, reply or forward the email or contact the senders in anyway. Businesses using Dropbox are encouraged to take extra precautions to avoid becoming a victim of the phishing by making staff aware of the threat.
If anyone receives the email please report it to Action Fraud using their online fraud reporting tool or by calling 0300 123 2040. Any small and medium sized businesses in the Yorkshire and Humber region seeking preventative measures against this or any other type of scam are advised to contact BCRC on 0114 275 1283 or email firstname.lastname@example.org.
BCRC is delivered in partnership with Yorkshire-based charity, People United Against Crime and South Yorkshire, North Yorkshire, West Yorkshire and Humberside Police forces and is part financed by the European Union through the Yorkshire and Humber European Regional Development Fund Programme 2007-2013.
For more information visit: www.bcrc-uk.org.