Skip over navigation

News archive

Phishing using false Dropbox log-in screen hits campus

At least one department on campus has reported sightings of a phishing scam that has been circulating elsewhere for a while.  This is the first reported sighting here within Princeton.EDU.

OIT's collaboration services folks have created a rule blocking messages that include the phishing URL and that are addressed to users of central University e-mail services . But it is possible some instances of the message arrived earlier. So please be aware of this threat, and as you feel necessary and/or appropriate, make your constituents aware of this ploy.

The subject line is:  "Confidential:"

The text of the message is:  "I've uploaded a document for you to view using Dropbox. Click here [URL hot link here] just sign in with your email respectively to view."

Above the "Thanks" and signature line is this:  "It is Important"

If the recipient connects to the hot-linked URL, what appears is a false, but credible-looking Dropbox log-in page.

Although the University never recommended Dropbox use, many members of the campus community opted to use the service.  They, and perhaps others, conceivably could take the bait.

Thanks for your attention and your assistance with prevention.