While inspecting browser traffic from a workstation indicating a phishing attack, a title page says “Dropbox Login Page” but it’s not via https.  The workstation user was potentially a victim of an attempt to harvest credentials for Dropbox via a bogus login page.

Quarantine the workstation and run a deep scan. For maximum safety, re-image the hard drive. Check the local DNS cache for possible poisoning of dropbox.com. If this user has a Dropbox account, they should change their credentials.


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.