Hackers exploit Dropbox in widespread BEC 3.0 attack campaign

Cybercriminals launched widespread Business Email Compromise (BEC) 3.0 attacks utilising Dropbox in September, recording over 5,440 incidents in just two weeks.

Researchers from Check Point have unveiled the attack campaign that has affected thousands. The attackers have adopted a clever strategy, exploiting Dropbox to create fraudulent login pages that ultimately funnel victims to credential-harvesting sites.

Check Point researchers promptly alerted Dropbox about the ongoing campaign on September 18th.

These attacks fall under Business Email Compromise (BEC) 3.0, a term used to describe cyberattacks that utilise legitimate platforms like Dropbox to disseminate and host phishing materials. The inherent trustworthiness of these platforms makes it exceptionally challenging for both email security services and users to detect and combat these threats effectively.


The attack sequence explained

[Image: A sample of the phishing email. | Source: Check Point]

The attack sequence begins with an innocuous-looking email, resembling a genuine Dropbox notification, telling the recipient they have a document to review. Clicking the link in the email takes the user to a page that is genuinely hosted on Dropbox, albeit with content styled to look like OneDrive. Unbeknownst to the user, this page is only the entry point to the final stage: a credential-harvesting page hosted outside of Dropbox, where the attackers collect the login details that are entered.

The evolution of Business Email Compromise attacks has been swift. Initially, attackers relied on gift card scams, which used spoofed emails to deceive employees into purchasing gift cards. Subsequently, compromised accounts, including those of internal users or partners, were leveraged for more convincing attacks. BEC 3.0 is the third stage: the lure and the landing page are hosted on a legitimate service such as Dropbox, so the domain a filter or a user sees is a trusted one.


Mitigating the spam

The researchers believe that user education has to be part of mitigating these attacks. End users must scrutinise who sent an email and what it actually asks them to do. On a Dropbox page, they can hover over links and buttons and check where the link actually leads before clicking: a sign-in form or link on a Dropbox-hosted page that points to a domain outside Dropbox is the tell-tale sign of this campaign.
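The attack chain described above (Dropbox-branded email, Dropbox-hosted page, off-site credential form) can be checked mechanically rather than by hovering. The following is an added example, not Check Point's or Dropbox's tooling, that applies two checks: a Dropbox-branded email whose sender domain is not Dropbox, and a Dropbox-hosted page whose links or form actions leave Dropbox. The trusted-domain list, the sample email and the sample page are constructed for the example and are assumptions, not data from the campaign. The second check is the important one here: if the notification is sent by Dropbox itself on the attacker's behalf, the sender check will not fire, and only the off-site link on the hosted page gives the attack away.

```python
"""Added example (not Check Point's or Dropbox's code): automate the
"hover over the link" check against a Dropbox-branded email and a
Dropbox-hosted page. All sample inputs below are constructed."""
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains a genuine Dropbox notification or share page is expected to use.
# Assumption for the example; build your own allowlist from observed traffic.
DROPBOX_DOMAINS = {"dropbox.com", "dropboxusercontent.com", "dropboxmail.com"}


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Enough for .com-style hosts;
    use a public-suffix library for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _LinkExtractor(HTMLParser):
    """Collect every <a href> and <form action> in an HTML document."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and ((tag == "a" and name == "href") or
                          (tag == "form" and name == "action")):
                self.links.append(value)


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def offsite_links(html, trusted=DROPBOX_DOMAINS):
    """Absolute links that leave the trusted domains: what a user would see
    on hover. Relative links stay on the hosting site and are ignored."""
    found = []
    for url in extract_links(html):
        parts = urlparse(url)
        if parts.scheme not in ("http", "https"):
            continue
        if registrable_domain(parts.hostname or "") not in trusted:
            found.append(url)
    return found


def analyze_email(raw):
    """Findings for a message: brand/sender mismatch and off-site body links."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    claims_dropbox = "dropbox" in (display + " " + str(msg.get("Subject", ""))).lower()
    if claims_dropbox and registrable_domain(sender_domain) not in DROPBOX_DOMAINS:
        findings.append(f"brand mismatch: claims Dropbox, sent from {sender_domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for url in offsite_links(html):
        findings.append(f"link leaves Dropbox: {url}")
    return findings


# Constructed sample: a spoofed "Dropbox" notification from a look-alike domain.
SAMPLE_EMAIL = """\
From: "Dropbox" <no-reply@files-share.example>
To: finance@victim.example
Subject: Dropbox: a document has been shared with you
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have a document to review.</p>
<a href="https://www.dropbox.com/s/abc123/Invoice.pdf">Open document</a>
</body></html>
"""

# Constructed sample: attacker-authored content served from Dropbox, styled as
# OneDrive, with a sign-in form posting to a domain outside Dropbox.
SAMPLE_DROPBOX_PAGE = """\
<html><body>
<h1>OneDrive</h1>
<p>Sign in to view the shared file.</p>
<form action="https://login-microsoft.example/auth" method="post">
  <input name="user"><input name="pass" type="password">
</form>
<a href="/help">Help</a>
<a href="https://help.dropbox.com/share">Sharing help</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_EMAIL):
        print("email:", finding)
    for url in offsite_links(SAMPLE_DROPBOX_PAGE):
        print("hosted page leads off Dropbox:", url)
```

Run against the samples, the email check reports only the sender mismatch (its one link really does go to dropbox.com, which is exactly why such a message passes a domain-reputation filter), while the page check reports the form action on the look-alike domain. That second finding is the one to alert on, because it survives the case where the email is a real Dropbox notification.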

Using artificial intelligence to analyse messages for phishing indicators, deploying URL protection that evaluates where a link ultimately leads rather than only the trusted domain that hosts it, and scanning shared files will help mitigate these scams.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me