Skip to main content


Posted on Friday, July 10, 2020 in Privacy & Security

A new phishing email - seemly sent from your local government funding agency - is offering phony relief grants to those in need. What makes this scam especially sneaky is that the badguys use a dropbox link to disguise their malicious attachment. Dropbox is a legitimate and commonly-used file sharing service.  Therefore, the email security filters that your organization has in place  image of cards and lock representing protection of secure informationmay not consider the link as a red flag-increasing the chances of this email landing in your inbox.

This phishing email urges you to click a Dropbox link so you can download a file that supposedly contains information about your relief grant payment. The link even includes an expiration date for an added sense of urgency. If you click the link, then download and open the phony file, you're taken to a look-a-like Microsoft 365 login page. If you enter any information on this page it will be sent directly to the scammers.

Remember these tips:

  • Never click a link or download an attachment from an email that you weren't expecting. Even if the sender appears to be a legitimate organization, the email could be spoofed.
  • Be cautious of unexpected deadlines. Scammers often create a sense of urgency to spark impulsive clicks.
  • Get confirmation before clicking a Dropbox link. If you feel the file could be a legitimate resource for your organization, reach out to the sender another way-like by phone-instead of trusting the email.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Secuerity Team

Back to Top