Interviews

Scam email warning

by Mark Rowe

The Sheffield-based Business Crime Reduction Centre (BCRC) is warning businesses and individuals about scam emails which use a link to a Dropbox file that contains malicious software (malware). The aim is to trick a business’ employees into clicking a link to Dropbox, the online storage service. The user is then prompted to download an ‘invoice payment’ or ‘tax return form’. The download is actually an .exe file (executable file), disguised as a .scr file (a file extension for screensaver used by Microsoft Windows), that installs malware onto the victim’s computer. After the computer is infected, the malware encrypts the business’ files and demands a ransom to unlock them.

Fraudsters are using emails designed to look like they are from well-known banks such as HSBC and RBS. According to PhishMe, an anti-phishing website, the email subject matter always concerns important financial issues, such as invoice payments or tax returns.

BCRC’s cyber security specialist, Mark Connell, said: “Dropbox is being used to host malware as its name provides credibility to the scam emails. While many users are suspicious of links in emails, Dropbox is widely used in legitimate business communications. Tell-tale signs that these emails are not genuine include grammatical errors, spelling mistakes and generic greetings such as ‘Dear customer’.”

Dropbox has responded to combat the scam and has deleted malware files. However, a risk remains during the window of time between the scam emails being sent and Dropbox removing the malicious files; meaning businesses should remain vigilant at all times. BCRC, which helps business in the Yorkshire and Humber region cope with cybercrime and general crime, is warning people not to click on suspicious links in unsolicited emails, reply or forward the email or contact the senders in anyway. Businesses using Dropbox are encouraged to take extra precautions to avoid becoming a victim of the phishing by making staff aware of the threat.

If anyone receives the email – report it to Action Fraud using their online fraud reporting tool or by calling 0300 123 2040.

Any small and medium sized businesses in the Yorkshire and Humber region seeking preventative measures against this or any other type of scam can contact BCRC on 0114 275 1283 or email [email protected].

Related News

  • Interviews

    Stay GDPR compliant

    by Mark Rowe

    Organisations spent an enormous amount of time, money and resource to achieve GDPR compliance in time for the May 2018 deadline. However,…

  • Interviews

    Digital dominant

    by Mark Rowe

    With 2013 around the corner, it is time for IT security people to reflect on what has been, gaze into their crystal…

  • Interviews

    Pandemic sleeper threats

    by Mark Rowe

    As organisations get closer to implementing return-to-work plans, most employees are excited about getting back into an office routine. They miss their…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing