Don't Fall Prey to Phishing Attacks!
The other day I got an email from a sender whose name sounded familiar, with the subject line “PO 21255”. I wasn’t expecting any sort of order, but having a potential client finally pull the trigger on a project that I had long considered dead is not completely unheard of, so I opened up the email.
It was a little sparse on explanation, and combined with the fact that I wasn’t expecting it, I was a little suspicious. But I was curious, so I opened the attachment as well.
Even more suspicious, but plausible, and I was still curious, so let’s see where this goes… Clicking the link opened up a window with this screen:
Looks like a pretty convincing Dropbox login, doesn’t it? The only giveaway is the address bar – it shows a domain that’s NOT dropbox.com, which is the one thing these scams CAN’T imitate, so this should ALWAYS be your tip-off if you’re suspicious (and you should always be suspicious).
So this was indeed a phishing scam – an attempt at stealing your password by tricking you into entering your login information into a fake login form. This form isn’t a Dropbox form at all; it’s a malicious website that’s attempting to trick me into “logging into Dropbox” to view a file.
While there was absolutely NO WAY I was about to enter my REAL login information into this, I was still curious to see where it led. So I put in a completely fake login/password, which prompted me for a “recovery phone number” – another attempt at mining my information – and after I got through that, I finally ended up on a bogus PDF file.
Lessons Learned
A few lessons can be gleaned from this observation of a phishing expedition:
- Always make sure the URL of the login is what you expect it to be.
- Try to make sure your passwords are different from one service to the next: Your Dropbox password should be different from your email password, which should be different from your Facebook password. That way if one of your passwords is compromised, the damage is contained.
- Finally, if something SEEMS suspicious, there’s probably reason for it.
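As an added illustration of the first lesson (this is example code, not part of the original post), here is a small Python check that applies the address-bar test to a URL: it accepts only dropbox.com or one of its subdomains over HTTPS, and rejects look-alike hosts that merely contain the name. The sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# The site we expect the login page to belong to (the post's example).
EXPECTED_DOMAIN = "dropbox.com"


def check_login_url(url: str, expected: str = EXPECTED_DOMAIN) -> tuple[bool, str]:
    """Return (ok, reason) for a login-page URL.

    Mirrors the manual address-bar check: the only thing that matters is the
    host the browser shows, not how convincing the page looks. A host passes
    only if it IS the expected domain or ends with "." + expected domain,
    so "dropbox.com.evil.example" and "dropb0x.com" both fail.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, f"not https (scheme is {parts.scheme or 'missing'})"
    # .hostname drops userinfo ("dropbox.com@evil.example" -> "evil.example")
    # and the port, and lowercases; a trailing dot is stripped for comparison.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    expected = expected.lower()
    if host == expected or host.endswith("." + expected):
        return True, f"host {host} belongs to {expected}"
    return False, f"host {host} is NOT {expected}"


# Constructed sample URLs: one genuine-looking address and several decoys.
SAMPLES = [
    "https://www.dropbox.com/s/abc123/PO_21255.pdf",
    "https://dropbox.com.files-login.example/view",   # expected name as a prefix
    "https://dropbox.com@files-login.example/view",   # expected name as userinfo
    "https://dropb0x.com/login",                      # look-alike spelling
    "http://www.dropbox.com/login",                   # right host, no TLS
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(("OK  " if ok else "STOP"), sample, "->", reason)
```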
Safe browsing!
Categories: General, Tips for Clients