Forum Discussion

Anaanato3monkeys
New member | Level 1
24 days ago

Compromised email address was linked to Dropbox team account and is sending out spam emails

Hi, 

My work email was compromised (despite having MFA) on Wednesday, January 8th, around 12:20 EST.  When the approve authentication came to my phone, I had pressed the "it wasn't me" button.  I thought the MFA worked.  It didn't.  

About 2 hours later, I received a couple of texts from colleagues that they received Dropbox emails that seemed to come from me.

I logged into my Outlook account and realized that the hacker had put 2 rules on my messages: one to mark incoming emails as read and move them to the RSS Feeds folder, and one that, if an incoming message includes specific words in the subject line or body ("dropbox"), marks it as read and moves the message to the Conversation History folder.

I deleted the rules, changed my password and signed out of all devices.  I also had my computer scanned for viruses.  I thought I was done with it because I thought it was coming from my email account. 

I found out that on Monday that the hacker created a fake Dropbox business account and signed up for the free trial and used my hacked email to set it up.  It added so many people (people that were my contacts but also people that I have never written to). I deleted the account.

This fake Dropbox account is still sending out the email - how is this possible?  What can I do to completely shut down the account?  How can I get help from Dropbox to fix this issue?
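
The two inbox rules described in the post above (mark as read, then move to RSS Feeds or Conversation History) follow a pattern that can be checked for in an export of a mailbox's rules. The sketch below is an added example, not part of the original post or any Dropbox or Microsoft tooling; the rule names, the sample data, and the JSON field names are assumptions constructed for illustration.

```python
import json

# Folders the post names as hiding places (any rarely opened folder works the same way).
HIDING_FOLDERS = {"rss feeds", "conversation history"}

# Constructed sample, not data from the post. Field names are assumed to
# match a JSON export of the mailbox's inbox rules.
SAMPLE_RULES = json.dumps([
    {"Name": ".", "Enabled": True, "MarkAsRead": True,
     "MoveToFolder": "RSS Feeds", "SubjectOrBodyContainsWords": []},
    {"Name": "..", "Enabled": True, "MarkAsRead": True,
     "MoveToFolder": "Conversation History",
     "SubjectOrBodyContainsWords": ["dropbox"]},
    {"Name": "Newsletters", "Enabled": True, "MarkAsRead": False,
     "MoveToFolder": "Newsletters", "From": ["news@example.com"],
     "SubjectOrBodyContainsWords": []},
])

# Conditions this sketch knows about; a real export has more.
CONDITION_FIELDS = ("From", "SubjectOrBodyContainsWords")

def audit_rule(rule):
    """Return reasons a rule looks like mail hiding; empty list if it does not."""
    folder = (rule.get("MoveToFolder") or "").strip()
    if not (rule.get("Enabled") and rule.get("MarkAsRead")
            and folder.lower() in HIDING_FOLDERS):
        return []
    reasons = [f"marks mail as read and moves it to '{folder}'"]
    words = rule.get("SubjectOrBodyContainsWords") or []
    if words:
        reasons.append("matches keywords: " + ", ".join(words))
    if not any(rule.get(f) for f in CONDITION_FIELDS):
        reasons.append("has no conditions, so it applies to every incoming message")
    return reasons

def audit_rules(export_json):
    """Map rule name -> reasons for every flagged rule in the export."""
    findings = {}
    for rule in json.loads(export_json):
        reasons = audit_rule(rule)
        if reasons:
            findings[rule["Name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE_RULES).items():
        print(f"[!] rule {name!r}: " + "; ".join(reasons))
```

Running the check again after a password reset confirms that no hiding rule survived or was re-created.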

  • Hannah
    Dropbox Staff

    I'm sorry to hear that this happened to you, Anaanato3monkeys.

    Are the emails being sent out actually Dropbox emails, sent from official Dropbox domains?

    You can confirm that by checking our official domains here.

    In any case, I would definitely suggest reaching out to our support team about this, as they will be able to access info specific to that account and assist you directly.

    You can do so by opening a private browsing/incognito window and going to this page.

    From there you'll be able to submit your help request and once you receive a ticket number, please make sure to send it to us as well.

    Thanks.