Think you're safe? Dropbox or Facebook links could be spam, too

MANILA, Philippines – Do you use Dropbox and Facebook? Then you might want to watch out for this. Symantec Security Response has observed that spammers are abusing Dropbox, a popular cloud-based, file-hosting and synchronization tool to spread spam.

Dropbox accounts have a public folder where files can be placed and made publicly available. This function is useful to spammers as it effectively turns Dropbox into a free hosting site.

In one example, spammers have created several Dropbox accounts, uploading an image and a simple .html file and then using the image to link to a pharmaceutical site.

During a 48-hour period, Symantec saw over 1,200 unique Dropbox URLs being used in spam. Since Dropbox is a widely used service (with smartphone applications), people might view Dropbox URLs as more trustworthy and therefore more likely to open them.

Apart from spammers, Dropbox is also being abused by malware authors. Symantec Security Response has observed a Brazilian Portuguese malware message claiming to contain photos and asking if they can be put onto a popular social networking site. The links in the e-mail point to a Trojan hosted on Dropbox.

Facebook is another popular platform that cyber criminals are targeting. Last February, Symantec has observed a phishing site recommending a fake application that allegedly removes the “Timeline” profile for Facebook users.

The phishing site, hosted by a free Web hosting site, displays a Facebook Timeline promotion video from YouTube, with the claim “Remove Timeline Now.”

According to this phishing site, users will have their “Timeline” removed from their Facebook profile and get back their old profile page — only after they enter their login credentials.

Phishers also added that it was protected by an antivirus product with the logo of the antivirus brand placed below the login form to make the fake application look more authentic. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.

These abuses are a good reminder that any site, which makes user-supplied content publicly available, must continue to be vigilant about dealing with abuse.

Symantec advises Internet users to follow best practices to avoid phishing attacks:

• Do not click on suspicious links in e-mail messages.

• Avoid providing any personal information when answering an e-mail.

• Never enter personal information in a pop-up page or screen.

• When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, “https” or the green address bar.

• Frequently update your security software (such as Norton Internet Security 2012), which protects you from online phishing.