The Alberta Lawyers Insurance Association (ALIA) has learned of a scam that involves what looks like legitimate emails with a Dropbox attachment or link. Appearing to be sent from a known contact, this phishing scam email works in several ways by exploiting the popularity of the file sharing service:
- It will try to steal your Dropbox password with an order request that looks like it's from a company or contact with whom you do business.
- It will try to steal your email password with a fake file sharing request.
- It will try to lure you into downloading a virus attached to or linked from the email.
The email will have some obvious signs of a phishing scam. First, it does not address you personally and instead uses your actual email address. Also, the email will sound urgent, trying to get you to react quickly and to click on the button, link and/or attachment without thinking.
Action to be taken:
To protect yourself, always hover your mouse cursor over the URL of links contained in emails to check their destination address – if they look suspicious, don’t open them. Although this is only partial protection (even the URL can be manipulated), it will identify most unsophisticated fakes.
If a company or contact with whom you have business appears to have sent you this type of email, contact them directly (do not use the contact information contained in the email) and confirm the email is from them. It is also recommended that your firm establish protocols for opening email attachments or using email links to enter login information and adhere to them.
To log into a service like Dropbox, open a new web browser and type in their URL manually. Don’t rely on links sent via email.
Further, if you receive communications from any unauthorized person sending this type of communication, please send an email to the
ALIAlert
mailbox
and, if possible, provide the potential fraudster’s contact information.
The Alberta Lawyers Insurance Association provides the ALIAlert service to all Alberta lawyers participating in the insurance program. If you believe that you have been targeted by potential fraudulent activity, please contact
ALIAlert
so that we may alert other members of the profession and avoid losses that increase the cost of everyone’s insurance.