Forum Discussion

rgdes
Explorer | Level 3
2 years ago

Weird authentication behavior from Dropbox upon receiving a suspicious email.

Hi,

There is some evidence that an actual link from Dropbox, sent from no-reply@dropbox.com, with the right domain and certificate, was related to an attack attempt, and I would like some opinions.

The behavior is weird. It was shared with a list of people and asks for credentials, but any password, right or wrong, asks for an MFA code.

Is that normal? Why would it ask for an MFA code after wrong passwords?


Any help is appreciated.
Thanks

  • Megan
    Dropbox Staff

    Hi rgdes, I hope you're doing well!

    In regard to the email you received, could you possibly send me a few screenshots of the body of the email, along with the email address you received it from?

    Just make sure none of your personal info is shown there.

    Keep me posted, and we'll take it from there!