Dropbox phishing email sends chills down my spine

I am a Dropbox user like many people.  I use Dropbox to share files from one computer to another.  I don’t use it for anything sensitive like personal financial information or business data.  The reason why I don’t use it for anything sensitive is that I am afraid of what could happen if someone got into my Dropbox account.  I think I have good reason to be afraid and it’s not just the known Dropbox security issues.

A user forwarded me an email that was clearly a Dropbox phishing message.  The login page for Dropbox looked exactly like a Dropbox login page.  Thankfully this user doesn’t use Dropbox.  But the prospects of this sort of message should be terrifying to a systems administrator.

What makes Dropbox useful is also what makes it deadly.  The Dropbox client allows a user to quickly share files with anyone else who has rights to one or more Dropbox folders.  The rights holders may be anywhere inside or outside of the firewall.  So if one person's Dropbox account is compromised, the infiltrator potentially has access to many people's machines.  Besides the data theft or undetectable monitoring the bad guy could do, he could also drop infected files onto those machines.

To me it seems that allowing Dropbox on a corporate machine means accepting many dangerous risks.  I don't think those risks are worth it.  Let the users use the web-based version of Dropbox if they'd like, but keep that client off of the machines.


2 responses to "Dropbox phishing email sends chills down my spine"

  1. I would tend to agree with your assessment here. I'm a security geek and have been for about 10 years, and the ease by which the sharing of amazing amounts of corporate/financial/customer data can be accomplished without even so much as a thought makes me want to change professions. Luckily, thus far in my organization, we've fought off almost every effort to put business/patient (we're a hospital) information out there. However, I'm sure it'll happen when the right person in the right position makes the right (or wrong) argument to the right person. And at that point, I'll be sending out an email to everyone involved, copying my personal email, as to why this is a bad idea and that they'll be held responsible for this decision, not me.

  2. Pingback: Cloud Chaos: What You Need to Know After Hackers Breach Dropbox, Evernote
