Clone kit revealed
A new fake Dropbox phishing scam targeting users of the online sharing and storage platform is currently in circulation. The scam invites readers to view files shared by another Dropbox user, and click on a link that redirects to a phishing website.
However, this phishing scam tries to fool users into submitting username and password details of their email address (YAHOO, Outlook, Gmail,AOL or others) in order to gain access their account.
Clicking on the icons a modal pops up asking for credentials.
Once the credentials are filled and the “Submit” button is clicked, the credentials are sent through email to the phisher.
Analyzing the web server is possible to retrieve the clone kit used by the attacker to create the phishing website. The clone kit is very simple and developed with basic programming skills. Below the structure and the source code of submit.php. “form.php” and “index.php” are 99% composed by HTML code.
The developer downloaded all the icons to avoid recon.
Dropbox can easily identify this phishing attack analyzing the HTTP referer field of the HTTP packet, because the phishing website redirects to the official dropbox website.