According to this email, someone has sent you a file using online file hosting service Dropbox. The email urges you to click a link to see the file. It may appear to come from someone you know.
However, the link in the email does not open a document on Dropbox. Instead, it opens a website that is designed to steal your email account login details.
Here’s what the scam email looks like:
If you fall for the ruse and click the link, you will be taken to a website that looks like it belongs to Dropbox. The site claims that the document is protected and you must select your email provider and log in to access the files.
Clicking on the name of your email provider opens a popup login window that asks for your email address or username and your email account password. The screenshot below shows the popup for a generic email account login. The other popups are branded to their respective service providers.
After you provide your login details, you will be redirected to a website that features a report about investment strategies. In fact, the website, which belongs to a large US bank, has no connection to the scam. The criminals have automatically redirected you to the legitimate bank website in an effort to trick you into believing that you really have been given access to the promised file.
But, meanwhile, the criminals can collect the login details that you provided and use them to hijack your email account. Once they have gained access to your account, they can use it to distribute the same scam email to your friends and business contacts. These recipients may be more likely to believe that the email is legitimate because it came from your account.
The criminals may also use your account to conduct further spam, scam, and malware campaigns in your name.
Moreover, as is often the case these days, your email account may be linked to various others services such as online file storage, contacts, and app stores. So, the criminals can collect your personal information and conduct fraudulent transactions in the app store. They may manage to gather enough information about you to steal your identity.
Phishing scam emails like this are common. Keep in mind that Dropbox will never ask you to provide your email account password to access stored files. Some, like the version discussed here ask for your email account login credentials. Other versions may take you to a fake website that asks you to enter your Dropbox login details. Doing so will give criminals access to all of the files you have stored in Dropbox.
Similar fake file notification emails are also used to distribute malware.
The Dropbox website includes information about protecting yourself from phishing scams and malware attacks.