Phishing Example: Your Dropbox File

January 30, 2017

What makes this a Phishing message?

A recent spate of phishing messages purporting to be Dropbox notifications has been received on campus. The "View File" link in the email message is a ruse to capture CalNet passphrase credentials.

  • The sender's return address is in the network domain of Texas A&M Health Sciences Center (@tamhsc.edu), not Dropbox.
  • If you hold your cursor over the "View File" link, you will see that the URL is a forgery of the real CalNet login address (https://auth.berkeley.edu).

Visit the "How to Detect the Authentic CalNet Login Page" page to learn how to protect yourself from these kinds of scams.
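The two checks listed above (sender domain and hovered link target) can also be run automatically over a saved message. The sketch below is an added example, not code from this page or from Berkeley. It assumes the brand is recognized by a subject keyword, that dropbox.com is the only legitimate Dropbox sender domain, and it uses a constructed placeholder link on a reserved domain in place of the address from the real message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

CAMPUS_DOMAIN = "berkeley.edu"          # real CalNet login is https://auth.berkeley.edu
BRAND_DOMAINS = {"dropbox": "dropbox.com"}  # assumption: brand is spotted by subject keyword

# Constructed sample: headers follow the message on this page, but the link
# target is a placeholder on a reserved domain, not the address the phish used.
SAMPLE = """\
From: "Sass, Bradley" <sass@tamhsc.edu>
Subject: Your Dropbox File
Content-Type: text/html

<p>Please click below and log in to view file.</p>
<a href="https://auth.berkeley.edu.login.example.net/login">View File</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # every <a href>, i.e. what hovering would reveal
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    subject = msg.get("Subject", "").lower()
    for brand, domain in BRAND_DOMAINS.items():
        if brand in subject and not in_domain(sender, domain):
            findings.append(f"sender-mismatch: {brand} notice sent from {sender}")
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        # "berkeley" anywhere in the authority (host or userinfo) but a host
        # outside berkeley.edu means the link only imitates the campus address.
        if "berkeley" in parts.netloc.lower() and not in_domain(host, CAMPUS_DOMAIN):
            findings.append(f"calnet-lookalike: {host}")
    return findings
```

Comparing the parsed hostname, not the raw URL string, is what catches addresses that merely begin with the real login host.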

Original Message:

From:  "Sass, Bradley" <sass@tamhsc.edu>
Subject:  Your Dropbox File
Date:  Mon, 30 Jan 2017

Dropbox logo


Hello,
You just received a file through Dropbox Share Application.
Please click below and log in to view file.
Every time a friend installs Dropbox, we'll give both of you 1 GB of
space for free! Need even more space? Upgrade your Dropbox and get 1 TB
(1,000 GB) of space.
Happy Dropboxing.
- The Dropbox Team
Dropbox, Inc., PO Box 77767, San Francisco, CA 94107 © 2017 Dropbox

Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up tooltip (instead of in the corner of the browser window).

Report suspected phishing emails to phishing@berkeley.edu. Be sure to include the entire text of the message, including the email header.