Google+ and Dropbox being used to scam victims
Emails claiming to be notifications from the companies are forwarding users to adult dating sites
Emails claiming to be from trusted sources including Google and Dropbox are being used by scammers to forward unsuspecting victims to adult sites, a report has revealed.
Symantec uncovered the scam, which forwards users to dating sites as part of an affiliate scheme, hidden behind goo.gl shortened URLs.
The company said the emails look like they are legitimate notifications from Dropbox and Google+ and the situation has heightened since Dropbox introduced its file request feature, which sends an email to users or teams, originating from the no-reply@dropbox.com address. This latest scam takes advantage of this to bypass spam filters.
“Despite the contents of the message containing a wall of text along with links, the fact that they originate from a Dropbox email address makes it likely to bypass spam filters,” Symantec’s Satnam Narang said.
Similarly, fake Google+ accounts are being used to send emails out to people too. Because they appear to be from Google+, spam filters are failing to stop them getting through to a user's inbox.
These fake accounts create posts and then share with real users so they receive an email notification they've been mentioned in a post.
Those circulating these scams are trying to encourage users to sign up to the adult dating websites to get kickbacks rather than to steal users’ data and carry out malicious activity, but it's still rather worrying such highly regarded companies can be used as the basis of a scamming campaign.
Cloud Pro Newsletter
Stay up to date with the latest news and analysis from the world of cloud computing with our twice-weekly newsletter
Symantec advised both Dropbox and Google about the abuse of their notification systems in this particular scam.
“Preventing abuse and protecting our users from online scammers and spam is a top priority,” Dropbox said in a statement. “Our team is continually improving our ability to prevent and detect attempts to misuse our service.
“As Symantec points out, this type of abuse is a problem faced by all service providers. Dropbox is actively investigating and implementing countermeasures to mitigate this type of activity, including shutting down spam-generating accounts.”
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.