We’ve seen an increasing number of innocuous-looking emails with links to files stored in either Dropbox or OneDrive.
Because the documents are stored on a service that most people recognise (and trust), the links appear legitimate – and in fact do take you through to Dropbox or OneDrive. The document opens and contains what looks like a link to log in to your account. That’s where the problems begin…
If you click on the link you’ll be taken to a rogue site which looks like a Dropbox / OneDrive login page and prompts you for your password. However, if you enter your credentials, your username and password are then passed to the hackers.
Whenever you are asked to log in somewhere, please take a moment to check that it is legitimate.
You will find it easier, if you are familiar with what a legitimate website address looks like for the services you use. See the examples below and pay particular attention to the highlighted sections:
OneDrive: https://onedrive.live.com/about/en-gb/signin/ or https://login.microsoftonline.com/
If you’re not 100% sure, then don’t do it. You can always use Google (other search engines are available!) to visit the correct page – for instance, to find Dropbox, just type in “Dropbox login”.
If you have any doubts at all, please get in touch with us to ask.