Author Topic: Dropbox scam  (Read 2528 times)

0 Members and 1 Guest are viewing this topic.

Offline clamshred

  • Newbie
  • *
  • Posts: 3
Dropbox scam
« on: March 08, 2018, 04:15:19 AM »
Think I might have been caught by a Dropbox phishing scam: inserted password to get access to Dropbox file. Password has Avast lock on it. Is that likely to be effective?

Offline Insomnimatic

  • Beta Tester
  • Newbie
  • *
  • Posts: 19
  • Musician, Programmer, Beginner Electronic Designer
    • My Original Music
Re: Dropbox scam
« Reply #1 on: March 08, 2018, 04:22:38 AM »
It's possible if the Dropbox page that you went to was set up as a web page. If it has a Username input, a Password Input and the URL is a Dropbox URL, Passwords might have been fooled by that. I suggest changing that password as soon as possible just in case it was phished.

Edit: Thinking about it, that's a really interesting way to phish for account information. I don't think many people would have thought about setting up something like that. At least you brought attention to it so it can be addressed in Passwords.
« Last Edit: March 08, 2018, 04:30:42 AM by Donald105 »
Unofficial Certified Trash

Offline clamshred

  • Newbie
  • *
  • Posts: 3
Re: Dropbox scam
« Reply #2 on: March 08, 2018, 04:46:02 AM »
Thanks for this. Don't think it was set up in the way you describe but intend to change password anyway.

Offline Martin Kvetko

  • Avast team
  • Sr. Member
  • *
  • Posts: 308
Re: Dropbox scam
« Reply #3 on: March 14, 2018, 09:55:23 AM »
Yes to be sure you are safe please change the password.
Avast passwords is designed in the way it never publish your credentials from domain A (e.g. dropbox.com) to form running on domain B (e.g. fake-dropbox.com) so if we have autofilled your dropbox credentials to the site, the form refered to dropbox.com but if you any doubts about the page or procedure the easiest and most effective way to stay protected is change the password for possibly compromised service.

Offline Insomnimatic

  • Beta Tester
  • Newbie
  • *
  • Posts: 19
  • Musician, Programmer, Beginner Electronic Designer
    • My Original Music
Re: Dropbox scam
« Reply #4 on: March 15, 2018, 12:45:25 AM »
The way I thought he was describing the attempt was a page or script in a Dropbox account folder that asked for credentials. Do you think there would be an issue with that? It would be on the correct domain (dropbox.com/user/folder/phishing attack.php). If Dropbox is capable of running PHP, that would be an issue. All you would essentially need is to create code with a username/password field.
Unofficial Certified Trash

Offline clamshred

  • Newbie
  • *
  • Posts: 3
Re: Dropbox scam
« Reply #5 on: March 18, 2018, 01:52:48 AM »
Thanks folks. Passwords successfully changed and all seems well, except maybe a slight increase in junk mail getting past my spam filter. Maybe that's connected to the phishing.