Dropbox Spoofed Phishing Attack

Email phishing attack spoofing Dropbox sent to WPI users

Why

Phishing Content: Dropbox-spoofed notification with embedded "Click Here" button. The Click Here link is infected and results in credentials being stolen.

Impact

By 9 am twenty-nine community members had fallen victim. The secondary wave of the attack resulted in 31 more victims.

Blocks have been put in place for on-campus users. Off-campus users are still vulnerable and need to remain diligent. One way to protect WPI credentials is to ensure that different passwords are used for disparate systems. Another safety measure is not to click on any links in unsolicited emails.

Action Needed

Do not click on links in unsolicited emails


Status

Completed


Timing

From

Thursday

10 August 2017

4:45 AM

To

Monday

14 August 2017

12:00 AM

Posted

10 August 2017, 2:10 PM