Brandjacking – Dropbox Scam

It is incredibly frightening how easy it is becoming for our personal data to be stolen. Nowadays, all scammers need us to do is unwittingly click on one single link in an email. Every day, cybercriminals are devising new techniques and methods to get us to click on said links. One such method that is on the up is brandjacking.

Brandjacking is the unauthorized use of a company’s brand to deceive a victim. Basically, scammers will use the logos and trademarks of popular companies. They can then trick people into thinking they are communicating with the actual company.

An email template is constructed using a well-known company’s branding with the intention of exploiting the victim’s trust. When the victim receives the scam email, they feel safe opening it as it has all the signs of being legitimate. The reality is that the email will contain a link that is used to extract the victim’s credentials and/or data.


Dropbox Brandjacking:

Dropbox is a very popular cloud-based storage application. It can be used for personal file storage, or as a sharing platform. Chances are, a lot of our readers use it on a regular basis.

When someone decides to share files with you via Dropbox, you receive an email notification. This email will provide a link to the data that has been voluntarily shared with you. If the email is legitimate, the link will direct you to someone’s Dropbox site. Very simple stuff! This simplicity, however, is what the hacker relies on.

If the email is indeed a ‘brandjacked’ scam, then we can be in serious trouble should we click on any of the included links. The links are unsafe and are fundamentally tools used to extract personal data. The hacker hopes that the recipient will click the link without really giving it a second thought.

In this example, the link will direct the victim to a bogus login page. The victim thinks they are being taken to the Dropbox sign-in page.

The user is actually taken to the below webpage:

This login page sure looks believable. Entering credentials here would essentially be serving up your personal data on a plate. The hacker is using this webpage to harvest people’s login details, allowing them access to your Dropbox.

The situation, however, becomes even more detrimental should you use the same password for other websites. For example, a victim might use the same login credentials for their internet banking. This means the hacker now has access to their bank details, as well as Dropbox of course.

To bring this full circle, you now get the idea of how mistakenly clicking on one single link could be a life-changing event. Unfortunately, in this scenario we don’t mean a change for the better. Beware!


Red Flags:

The below list is a reminder of the things you should look at when analyzing the legitimacy of an email:

  • Generic greetings such as “Dear Sir/Madam”
  • A sense of urgency in the email, something like “Your account will be disabled…”
  • Bad grammar & punctuation
  • Distorted images as well as any images that do not display correctly
  • Hover over any links to see where you’re really being directed (bogus URLs/websites)
  • Email address of sender, for example “…@dropboxxx”
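
Several of these checks can be automated. The Python below is an added example, not part of the original post: it checks the sender domain, the greeting, urgency wording and where each link really goes in a constructed message. The trusted-domain list, the phrase patterns and the `.example` addresses are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"dropbox.com"}  # assumption: the domains you expect this brand to use
PHRASES = {  # illustrative patterns for two of the red flags, not a complete set
    "generic greeting": re.compile(r"dear (sir|madam|customer|user)", re.I),
    "urgency": re.compile(r"(will be|has been) (disabled|suspended|closed)", re.I),
}
class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def trusted(host):  # exact match or true subdomain only
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def red_flags(raw):  # raw: a single-part HTML email as text
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    flags = [] if trusted(sender) else [f"sender domain: {sender}"]
    flags += [name for name, rx in PHRASES.items() if rx.search(body)]
    links = LinkCollector()
    links.feed(body)
    for href, text in links.links:
        host = urlparse(href).hostname
        if not trusted(host):  # what hovering over the link would reveal
            flags.append(f"link goes to {host}, text shows {text!r}")
    return flags

SAMPLE = """From: Dropbox <no-reply@dropboxxx.example>

<p>Dear Sir/Madam, your account will be disabled unless you review it.</p>
<a href="http://login.dropboxxx.example/signin">https://www.dropbox.com/s/file</a>
"""  # constructed message; the .example domains are placeholders
```

Calling `red_flags(SAMPLE)` returns one entry per flag raised; an empty list means none of these particular checks fired, not that the email is safe.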

Contact Us:

If you find yourself constantly on the receiving end of spam emails and are unsure what move to make next, speak to one of our security specialists today.

Either call 1300 770035 or drop us an email at security@bangitsolutions.com
