Forum Discussion

robschieren's avatar
New member | Level 2
5 years ago

CRITICAL SPAM from Dropbox***

All our contacts are receiving the below message from Dropbox.  We had one of our user's email inbox hacked and contacts harvested.  The hacker then created a Dropbox account in the name of [personal information removed per the Community's Guidelines] with the email address [email address removed per the Community's Guidelines][personal information removed per the Community's Guidelines] is one of our users and [email address removed per the Community's Guidelines] is close to her email address but not her email address. Is there a way to contact Dropbox fraud/security to stop these emails from being sent from Dropbox or on behalf of Dropbox as the attachment is fraudulent and possibly a virus?  This is damaging our brand as well as the Dropbox brand as this is being sent to many unsuspecting recipients.



[link removed per the Community's Guidelines]



[link removed per the Community's Guidelines]

203 KB • Expires in 4 days

[personal information removed per the Community's Guidelines] sent you some files using Dropbox Transfer, and you haven't downloaded them yet.

Heads up, this transfer expires in 4 days on July 22, 2020.

  • robschieren wrote:

    Is there a way to contact Dropbox fraud/security to stop these emails from being sent from Dropbox or on behalf of Dropbox as the attachment is fraudulent and possibly a virus?

    Forward all details to

  • Rich's avatar
    Icon for Super User II rankSuper User II

    robschieren wrote:

    Is there a way to contact Dropbox fraud/security to stop these emails from being sent from Dropbox or on behalf of Dropbox as the attachment is fraudulent and possibly a virus?

    Forward all details to

  • HelenMcGowan's avatar
    New member | Level 2



    This 'spoof' email has been sent out to our email list - three times.


    The spam email is using our profile - tweaked with small changes - to create fraudulent email addresses (yahoo, outlook) and asking email recipients to click on the 'dropbox' link to download files. People are ringing/emailing asking for confirmation that the email is from us - and asking 'why doesn't the link work?'...but by then they have logged in with their username and password.


    Our IT people say - it is too late for us to do anything - as our email addresses were harvested. All we can do is apologise? Suggest they put this spam email address on their junk filter?


    But my question, is what can dropbox do to prevent future spam attacks - coming from the dropbox system?