Beware of phishing scams
A phishing message related to Dropbox has been detected. In the scam, the recipient receives an email notification that a file has been shared with them via Dropbox. Opening the share link leads to a very realistic-looking Dropbox login window, but in the background, there is a script that sends the login credentials to a third party. The site tricks the user into entering their organizational credentials and confirming the login with MFA verification. This allows for session and account hijacking, as well as data phishing.
Phishing messages are sent with the subject line “First Name Last Name shared file with you,” and the message is either sent from a genuine (hacked) email account or the sender’s email address is spoofed. These phishing messages often refer to a file shared via Dropbox, but similar scams can originate from any file storage platform.
Do not open file-sharing links if you are not expecting that file. If you are unsure why a file has been shared with you, verify the authenticity of the message with the sender. DO NOT REPLY directly to the message; instead, send a new email to the file sharer. Wait patiently for a response before opening the link or logging into the service through the link.
If you suspect that you have entered your information on a phishing site, the first step is to change your password. You can change your Jamk account password at tunnistus.jamk.fi. In some cases it is possible to close a hijacked session by logging into myaccount.microsoft.com (MFA verification required). Under your profile details, select “Sign out everywhere” to sign out of all sessions. Carry out these steps on a different device, such as your phone, from the one you used to enter information on the phishing site!
After completing these steps, report the incident to IT support immediately via help.jamk.fi. Do not hesitate to report!
More information about spam emails and phishing can be found in Helpdesk News.