  • 1.  Security BUZZ - Beware of Clever Dropbox Phishing Scam!

    Posted 03-22-2024 08:50

    A Deceptive Email Ploy: A sophisticated phishing scam has been detected, exploiting our trust in Dropbox. The scammers ingeniously crafted emails, seemingly from Dropbox, containing a PDF link. This PDF harbored another link, leading to a counterfeit Microsoft login page. The ultimate aim? To pilfer your login credentials.

    The attackers found a way in even with robust security measures like Multifactor Authentication (MFA). They manipulated an employee into authorizing a login request, thereby gaining entry into the company's system. This incident underscores the gravity of the situation.

    Once inside, the scammers tried to stay hidden. They created rules to move certain emails out of sight and even tried to spread the scam further within the company.

    This attack shows that we must be careful even with strong security measures (like MFA). Scammers are getting smarter, using familiar services to trick us. 

    Takeaway:

    • Exercise Caution with Links: No matter how official an email appears, exercise caution when it comes to clicking on links, particularly those leading to login pages. Vigilance is your best defense.
    • Verify Unexpected Requests: If you receive an unexpected MFA request, double-check before approving it.

    Staying informed and cautious is vital to protecting yourself and your organization from such attacks.

    #ALTACyber



    ------------------------------
    Genady Vishnevetsky
    Chief Info Security Officer
    Stewart Title Guaranty Company
    Houston TX
    ------------------------------
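The post above notes that once inside, the attackers created mailbox rules to move certain emails out of sight. The following is an added detection sketch, not code from the original post: it scores inbox-rule creation events for the usual hiding tells (routing mail to rarely viewed folders, mark-as-read or delete actions, filtering on security-related subject words, blank rule names). `New-InboxRule` is the Exchange Online operation name; the record field layout, thresholds and sample events are constructed assumptions and should be mapped onto whatever audit source you actually collect.

```python
"""Flag newly created inbox rules that look designed to hide mail from the user."""
from dataclasses import dataclass

# Folders attackers commonly route mail into so the victim never sees it (assumed list).
HIDDEN_FOLDERS = {"deleted items", "rss feeds", "rss subscriptions", "junk email",
                  "archive", "conversation history"}
HIDING_ACTIONS = {"deletemessage", "markasread", "stopprocessingrules"}
# Subject words attackers filter on to suppress warnings, replies and IT notices.
SUPPRESS_KEYWORDS = {"phish", "suspicious", "hacked", "password", "mfa", "security",
                     "helpdesk", "fraud", "invoice", "wire"}


@dataclass
class Finding:
    user: str
    rule_name: str
    reasons: tuple


def score_rule(event: dict) -> list:
    """Return the list of reasons one inbox-rule event looks like mail hiding."""
    reasons = []
    folder = (event.get("move_to_folder") or "").lower()
    if folder in HIDDEN_FOLDERS:
        reasons.append(f"moves mail to '{folder}'")
    actions = {a.lower() for a in event.get("actions", [])} & HIDING_ACTIONS
    if actions:
        reasons.append("hiding actions: " + ", ".join(sorted(actions)))
    words = {w.lower() for w in event.get("subject_contains", [])}
    hits = sorted(w for w in words if any(k in w for k in SUPPRESS_KEYWORDS))
    if hits:
        reasons.append("filters on: " + ", ".join(hits))
    if not event.get("rule_name", "").strip(" .,"):  # ".", ",", "" are low-effort names
        reasons.append("blank or punctuation-only rule name")
    return reasons


def flag_suspicious_rules(events: list, min_reasons: int = 2) -> list:
    """Return a Finding for each New-InboxRule event with at least min_reasons signals."""
    findings = []
    for ev in events:
        if ev.get("operation") != "New-InboxRule":
            continue
        reasons = score_rule(ev)
        if len(reasons) >= min_reasons:
            findings.append(Finding(ev["user"], ev.get("rule_name", ""), tuple(reasons)))
    return findings


# Constructed sample events (not real log data): one hiding rule, one benign rule, one non-rule op.
SAMPLE_EVENTS = [
    {"operation": "New-InboxRule", "user": "alice@example.com", "rule_name": ".",
     "move_to_folder": "RSS Feeds", "actions": ["MoveToFolder", "MarkAsRead"],
     "subject_contains": ["phishing", "suspicious login", "wire"]},
    {"operation": "New-InboxRule", "user": "bob@example.com", "rule_name": "Newsletters",
     "move_to_folder": "Reading", "actions": ["MoveToFolder"], "subject_contains": ["digest"]},
    {"operation": "Set-Mailbox", "user": "carol@example.com"},
]

if __name__ == "__main__":
    for f in flag_suspicious_rules(SAMPLE_EVENTS):
        print(f.user, repr(f.rule_name), "->", "; ".join(f.reasons))
```

A single signal (for example, a legitimate rule that files newsletters into Archive) is common, which is why the default requires two before alerting.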


  • 2.  RE: Security BUZZ - Beware of Clever Dropbox Phishing Scam!

    Posted 03-25-2024 10:41

    I want to add some emphasis to the point that MFA, while better than nothing, is not foolproof. Even without a login page, you can hack a session token from people who click on fraudulent links in email or PDF attachments.

    If you are already logged in to your email on the web, the theft of your session token allows someone to bypass login to your account. 

    You can read more about it here, 

    https://www.spiceworks.com/it-security/identity-access-management/guest-article/session-token-theft-the-growing-threat-of-cybersecurity/

    or just search for session hijacking. MFA does not protect against this. The best course of action is training for your employees to "exercise caution with links" as Genady says. Your IT admins can take some additional steps to ensure tokens require a refresh at an increased rate but that does mean logging in more often.



    ------------------------------
    Cesar De La Garza
    Head of IT and Compliance
    Closinglock
    Austin TX
    +1 (737) 334-1020
    ------------------------------
