The emails use a variety of subject lines, including "INCOMING FAX REPORT," "FW: Case -- 1045890," "Outstanding Invoice," and "Payment Advice," with the content of the email matching the subject line -- but all of the emails, of course, ask the recipient to click on a link.
"If a user clicks the link, they are directed to Dropbox where they can download a small zip file which contains an executable masked as an .scr file, or a Windows screen saver file," writes PhishMe's Ronnie Tokazowski. "The 'cool' thing is that Windows treats .exe and .scr files the same way, so you simply have to rename an .exe to .scr."
While the first range of links have been removed by Dropbox, one of the samples delivered malware which VirusTotal found was detected by 31 of 53 leading anti-virus solutions.
Photo courtesy of Shutterstock.