Dropbox phishing scheme affecting students
Over the last few weeks, students have experienced an influx in phishing scheme messages purported to be sent by trusted friends and colleagues. While the email appears legitimate, clicking the link compromises the security of your account. Read on for information about what the email looks like and what you should do to prevent unauthorized access to your account.
What does the email look like?
The most current phishing scheme utilizing Dropbox will appear to come from your contact list. The content of the email tends to be as follows:
John Smith shared a folder with you on Dropbox
Click accept to view
– The Dropbox Team
What should I do?
If you believe that the sender of the email is trustworthy, you should reach out to them and confirm that they have actually shared a Dropbox file with you before clicking the email. If they have not shared a file with you, then you should delete the email immediately.
You should never click links in emails unless you are certain of the content you are accessing. In the case of the Dropbox phishing email, clicking the link and providing information in the form provided will allow others to access your account and send mail on your behalf. If you do click the email link, even if you do not fill out the form, you should reset your password immediately at Elon’s Self-Service Password Maintenance Site.
Afterwards, you should log into your email account through a web browser at http://email.elon.edu/. From there, click the gear icon in the upper right-hand corner and select “Settings.” You should check the following tabs:
- Accounts & Import – Confirm that your “Send As” name displays correctly. Additionally, check the “Grant access to” line, which shows whether anyone else has access to your account.
- Filters – Make sure there are no filters placed on your account.
- Forwarding & POP/IMAP – Ensure that no forwarding addresses have been added to your account. If so, delete them.
- Sent Folder – Finally, if you notice that you are receiving spam messages from yourself, go to the Sent folder and delete any messages you have not intentionally sent.
By following all the above steps, you will ensure that whoever gained access to your account will no longer be able to login, send, or receive mail from your account.
If you continue to experience issues with your account after clicking one of these Dropbox emails, please contact the Technology Service Desk at 336-278-5200.