Beware Dropbox phishing emails

Below is “a standard phishing attempt, and I might have been fooled, if not for the fact that the sender is someone I hardly know, who I may have exchanged two emails with many years ago,” Kirk McElhearn reports for Kirksville.

“If you don’t already know this, you can check the URL behind the Verify your email button by hovering your cursor over it, if you’re on a Mac,” McElhearn reports.

“If you’re on an iOS device, tap and hold the button, and you’ll see the URL in a dialog,” McElhearn reports. “You’ll note, in both cases, that it’s not a URL.”

Phishing warning
Phishing warning

Full article here.


  1. I got hit with yet-another fake Linked In phishing email today. There have been piles of fake Apple phishing email messages. On and on. EXPECT such email to be phishing.

    My favorite way to quickly determine if I’m being phished is to hover the Mac cursor over the link to the ‘site’ and wait to see what URL appears on screen. If it isn’t the intended website, I report the email message as phishing spam to both and the actual website being faked in the message.

    Example of a fake Linked In phishing email:

    Subject: Attention Derekcurrie Was beating violently
    [Already the subject title looks bot-fake]

    Linked In Service

    Date: 1/07/2015
    Subject: New message

    View/reply to this message

    Hovering over ‘View/reply to this message’ shows that the link does NOT go to Linked In at all. These fake links can even appear to be raw URLs, but are still FAKE:

    It looks like an Apple URL. But because of a BIG oversight in how HTML works, a FAKE URL can be hidden behind a pretend URL. Sad but true.

    Then you arrive at the FAKE website, it has been fraudulently coded to look EXACTLY like where you expect to go, you put in your ID and password, you’ve been PWNed! They just successfully phished you.

    Every website should have a way you can report phishing that fakes their site. If they don’t, nag at them.

  2. I get quite a few phishing emails, most are really obvious, purportedly from my online bank account provider, only they’re nearly always from banks I’ve never, ever had any dealings of any sort with.
    More tricky are those like the one I had from my broadband and landline provider, which was very plausible, but tapping on the links on my Pad took me to some really odd web sites that were clearly nothing to do with the actual company, who I forwarded the email to.
    I get LinkedIn mails, too, but those get binned, I’ve never had any connection with LinkedIn or anyone on it.
    I can understand how some people might get fooled, some mails are very convincing, but ones claiming that my BT account will be suspended which have glaring grammatical errors are very easy to spot if you keep your wits about you.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.