Dropbox Users Are Served a Phishing Page Delivered over SSL

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
Cybercriminals trying to steal credentials for Dropbox and web-based email service have created a fake log-in page that is hosted on the file sharing website, taking advantage of its secure protocol.

The cybercriminals also included the logos of popular web-based email providers leading unsuspecting users into believing that they could also log in with the credentials for those accounts.

Credentials are sent using a secure protocol


As soon as the “sign in” button is hit, the username and password entered in the log in fields are delivered to a PHP script on a compromised server, Symantec’s Nick Johnston says in a blog post.

Sending the data to the machine accessed by the crooks is also carried out using the secure protocol, which does not raise any suspicion to the victim. Otherwise, since the fake page is accessed through an encrypted connection, the web browser would inform that an insecure communication channel is used for delivering the data, warning that it could be intercepted and read by a third-party.
Dropbox Users Are Served a Phishing Page Delivered over SSL - Softpedia
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top