Security and Permissions


How to protect and prevent "share attacks"

deus_ex_machina
Explorer | Level 3

Hello all,

 

My company has been inundated by Dropbox "share" attacks, where phishers use the Dropbox share function to bypass spam filters and get fake invoices to land in coworkers' inboxes. Dropbox will even helpfully send follow-up emails to everyone who hasn't viewed the document yet.

 

I ran the gauntlet of an escalated support ticket, but that ended with them basically saying I was out of luck because I had no control over that file since it was external and being shared. This was after days had gone by and several people had viewed the malicious document.

 

Surely there is a better way to prevent/report this attack? Blocking no-reply@dropbox.com isn't really an option since we use Dropbox, but there has got to be a better way to get help from Dropbox, since it is a scammer's paradise to be able to abuse their service like this.

 

Any help is welcome! Thanks in advance.
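A defender-side addition, not code from the thread or from Dropbox: a mail-gateway triage rule that picks out Dropbox share notifications whose sharer is outside the company, escalates those whose file name looks like an invoice lure, and collapses the original share and its reminder follow-ups into one campaign per (sharer, file) so the fan-out across coworkers is visible as a single event. The company domain, the addresses and the subject-line format are assumptions; COMPANY_DOMAINS and SHARE_RE would need adjusting to the notifications actually received.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not Dropbox's real template): the company's own mail domain, and a
# subject shaped like 'Name (addr) shared "file" with you', maybe prefixed "Reminder: ".
COMPANY_DOMAINS = {"example-corp.test"}
SHARE_RE = re.compile(r'^(?P<reminder>Reminder: )?(?P<name>.+?) \((?P<addr>[^)]+)\) '
                      r'shared "(?P<file>[^"]+)" with you$')
LURE_RE = re.compile(r"invoice|payment|remittance|overdue|wire", re.I)  # fake-invoice lures
def triage(raw):
    """Return None for mail that is not a Dropbox share notification, otherwise a dict
    with verdict allow, flag (external sharer) or quarantine (external + invoice-style name)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    m = SHARE_RE.match(msg.get("Subject", "").strip())
    if sender.split("@")[-1] != "dropbox.com" or not m:
        return None
    sharer = m["addr"].lower()
    external = sharer.split("@")[-1] not in COMPANY_DOMAINS
    lure = bool(LURE_RE.search(m["file"]))
    verdict = "quarantine" if external and lure else "flag" if external else "allow"
    return {"sharer": sharer, "file": m["file"], "reminder": bool(m["reminder"]),
            "recipient": parseaddr(msg.get("To", ""))[1].lower(), "verdict": verdict}

def campaign_summary(raws):
    """Group share and reminder mails by (sharer, file) so one phishing share fanned out
    to many coworkers shows up as a single campaign with a recipient list, not N alerts."""
    campaigns = {}
    for raw in raws:
        r = triage(raw)
        if r is None or r["verdict"] == "allow":
            continue
        c = campaigns.setdefault((r["sharer"], r["file"]),
                                 {"verdict": r["verdict"], "recipients": set(), "reminders": 0})
        c["recipients"].add(r["recipient"])
        c["reminders"] += int(r["reminder"])
    return campaigns

def mail(frm, to, subject):  # builds a minimal raw message; sample data only
    return f"From: {frm}\nTo: {to}\nSubject: {subject}\n\n(body omitted)\n"

DBX = "Dropbox <no-reply@dropbox.com>"
LURE = 'Pat Lee (pat@vendor-lookalike.test) shared "Invoice_4471_overdue.pdf" with you'
SAMPLE_MAILS = [  # constructed: one external fake-invoice share fanned out, plus a reminder
    mail(DBX, "ana@example-corp.test", LURE), mail(DBX, "ben@example-corp.test", LURE),
    mail(DBX, "ben@example-corp.test", "Reminder: " + LURE),
    mail(DBX, "ana@example-corp.test", 'Chris Ng (chris@example-corp.test) shared "Q3 roadmap.pptx" with you'),
    mail("hr@example-corp.test", "ana@example-corp.test", "Invoice reminder"),  # ordinary internal mail
]
```

Running `campaign_summary(SAMPLE_MAILS)` yields one quarantined campaign keyed by the external sharer and file name, with both recipients and one reminder counted, while the internal share and the ordinary mail produce no alert.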

1 Accepted Solution

Accepted Solutions

AliceDropbox
Dropbox Product Manager

Hi @deus_ex_machina!

I'm a product manager on the sharing team. 

 

Thanks for reaching out! We take such issues very seriously and want to assure you that we were already aware of this situation and have taken immediate actions to address it.

Ideally, this won't happen again, but if it does, please use the "Report to Dropbox" feature on the email so we can respond promptly.

 

Your security is our top priority. If you encounter any further suspicious activity or have additional concerns, please do not hesitate to reach back out.


9 Replies

Megan
Dropbox Staff

Hey @deus_ex_machina, welcome to our Community! 

 

On our end, I'm afraid that we have no such ways in place to "identify" these actions before they happen. 

 

When it comes to securing your account, I'd suggest that you keep an eye out for any suspicious content and emails and that you don't open files when shared from external collaborators. 

 

Of course, our Community & Support is here to help if you come across these types of emails, and cases. 

 

I hope this clarifies!


Megan
Community Moderator @ Dropbox
dropbox.com/support



deus_ex_machina
Explorer | Level 3

Megan:

I appreciate the quick reply! It is understandable that Dropbox can't review the authenticity or intent behind every shared document, and removing that feature would negatively impact the platform.

 

The issue is that the attacker can quickly enumerate large lists of targets, and there is a delay between the shares being sent, and Dropbox support responding to my report. Is there any way to get Dropbox to recognize that we are a legitimate company being targeted by an active campaign, and get a more timely response to our reports?

Megan
Dropbox Staff

Hey @deus_ex_machina, would you mind sharing your ticket number with me, in order to review it on our system, please? 



deus_ex_machina
Explorer | Level 3

If I post the ticket number here, is it accessible to anyone, or is there a more private way for me to send it? The ticket contains company details I would rather not post in a public forum.

Megan
Dropbox Staff

If you send us the ticket number, only Community Dropbox Staff will have access to our system, in order to review the situation & what has already been discussed there, @deus_ex_machina.



deus_ex_machina
Explorer | Level 3

Thank you, the ticket number is 23864949

Walter
Dropbox Staff

Hi from me too @deus_ex_machina, and thanks for sharing your ticket number with us.

 

I was able to locate it in our system and I can see that it's closed now. If you have any additional questions about this though, you can either open a new ticket or create a follow-up ticket instead. 

 

Let us know if you have anything else to ask or add. 


Walter
Community Moderator @ Dropbox
dropbox.com/support




deus_ex_machina
Explorer | Level 3

I thought you just needed to look at the ticket for context, the ticket may be closed but the issue is unresolved. The fake invoice file exists to this day in my coworker's "Shared" section.

 

A better way to phrase my question is if there is a way a company that has been targeted can build a relationship with Dropbox to get more immediate action on removing the shared file? It doesn't seem possible to prevent the initial phishing but if we could get rid of it quickly that would be the next best thing.
