Symantec Warns That Dropbox and Facebook Links Could Be Spam
Symantec Security Response has observed that spammers are abusing Dropbox.
During a 48-hour period, Symantec observed over 1,200 unique Dropbox URLs being used in spam. Because Dropbox is a widely used service with smartphone applications, people might view Dropbox URLs as reliable and be likely to open them.
Because Dropbox offers a public folder where files can be placed and made publicly available, spammers could exploit it as a free hosting site: they create several accounts, upload an image and a simple .html file, and then use the image to link to, for example, a pharmaceutical site.
Dropbox is also being abused by malware authors. Symantec Security Response has discovered a Brazilian Portuguese malware message claiming to contain photos and asking if they can be put onto a popular social networking site (SNS). The links in the email point to a Trojan hosted on Dropbox.
Apart from Dropbox, Facebook is another popular platform that cyber criminals are targeting. In February 2012 alone, Symantec detected a phishing site recommending a bogus application that allegedly removes the “Timeline” profile for Facebook users. Hosted by a free web hosting site, the phishing site displays a Facebook Timeline promotion video from YouTube, with the claim "Remove Timeline Now".
According to this phishing site, users will have their “Timeline” removed from their Facebook profile and revert to their old profile page, but only after they provide their login credentials. The phishers also claimed it was protected by an antivirus product, placing that brand's logo below the login form to make the fake application look more authentic. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Here are some practices you can follow to avoid phishing attacks, as advised by Symantec:
- Do not click on suspicious links in email messages
- Avoid providing any personal information when answering an email
- Never enter personal information in a pop-up page or screen
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, 'https', or the green address bar
- Frequently update your security software (such as Norton Internet Security 2012), which protects you from online phishing