Symantec Security Response has observed that spammers are abusing Dropbox.
During a 48-hour period, Symantec has monitored that over 1,200 unique Dropbox URLs being used in spam. Because Dropbox is a widely-used service with smartphone applications, people might view Dropbox URLs as reliable and be likely to open them.
With a public folder where files can be plonked and made publicly available, spammers could exploit Dropbox as a free hosting site, creating several accounts and uploading an image and a simple .html file and then using the image to link to, for example, a pharmaceutical site.
Additionally, Dropbox is also being abused by malware authors. Symantec Security Response has discovered a Brazilian Portuguese malware message claiming to contain photos and asking if they can be put onto a popular SNS. The links in the email point to a Trojan hosted on Dropbox.
Apart from Dropbox, Facebook is another popular platform that cyber criminals are targeting. In Feb 2012 alone, Symantec has detected a phishing site recommending a bogus application that allegedly removes the “Timeline” profile for Facebook users. Hosted by a free web hosting site, the phishing site displays a Facebook Timeline promotion video from YouTube, with the claim "Remove Timeline Now".
According to this phishing site, users will have their “Timeline” removed from their Facebook profile and revert to their old profile page—only after they provide their login credentials. Phishers also added that it was protected by an antivirus product with the logo of the antivirus brand placed below the login form to make the fake application look more authentic. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Here are some practices you can follow to avoid phishing attacks, as advised by Symantec: