An employee's email was used to create a malicious Dropbox account

Hi CNS_NJ, thanks for bringing this to our attention.

Did they change the email address on the Dropbox account? 

Is the email address part of a Dropbox team or is it a personal account? Do you have the ticket ID from when you contacted the support team?

This will help me to assist further!

It is a personal Dropbox account. I am not sure if they've changed the email address yet.

I'm assuming it has not been changed, because we're getting emails forwarded from this employee's clients, and it is showing his company email address still.

The sending email is no-reply@dropbox.com but the body of the email has employee's name/company email in it. Example of the email one of his client's received.

Elements of the email have been obfuscated for the privacy of the end user/client. I am happy to provide more detailed information to the support team.

The ticket number for this is #24476652. Please let me know if any further information is needed.

Thank you,
Nick

If its using the employee email the quickest and easiest way to resolve this is to go to www.dropbox.com/forgot and request a reset of the password. Then log in and close/delete the account yourselves. 

Hi Mark,

We attempted this to no avail. You cannot reset the password. The Drobox account is secured by MFA, that the bad actor controls.

We have access to the email, but without control over MFA, we cannot reset the password. This is not a viable option in our case.

Thanks for the info. As you're already in contact with the support team under that ticket ID, they would need to be the ones to assist further on this matter.

I've gone ahead and prioritized the ticket to expedite matters on your behalf.

Thank you, Jay. We really appreciate the assistance. We'll keep an eye out for a response from support.

Thank you,
Nick