<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Users spoofing our company for cyber fraud in Security and Permissions</title>
    <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/727523#M12301</link>
    <description>&lt;P&gt;We have had the same person contact us the same way. None of our departments know her.&lt;/P&gt;&lt;P&gt;Was there an answer to whether or not this Vicki Shen is a real Account Executive?&lt;/P&gt;</description>
    <pubDate>Mon, 06 Nov 2023 23:13:03 GMT</pubDate>
    <dc:creator>Bugtown</dc:creator>
    <dc:date>2023-11-06T23:13:03Z</dc:date>
    <item>
      <title>Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/724801#M12047</link>
      <description>&lt;P&gt;We were contacted by a dropbox sales person&amp;nbsp; (Vicki Shen) stating that we have 89 drop box accounts tied to our companies email domain. We don't use dropbox. I had asked how can I address possible imposters creating dropbox accounts to fraudulently contact others under the disguise of our company's name and she ghosted me.&amp;nbsp; Then I thought I would just contact someone. The only 'one' that you can contact is a bot. How do you get possible cyber crime/fraud investigated through dropbox? The fact that the sales person doesn't think cyber crime is a big deal is the main reason we prohibit employees from using dropbox.&lt;/P&gt;</description>
      <pubDate>Thu, 26 Oct 2023 22:13:22 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/724801#M12047</guid>
      <dc:creator>Trainer232</dc:creator>
      <dc:date>2023-10-26T22:13:22Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/724808#M12048</link>
      <description>&lt;P&gt;Thanks for bringing this to our attention, &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1760859"&gt;@Trainer232&lt;/a&gt;&lt;/SPAN&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Are you positive that this was a Dropbox Sales representative that called you? What did they say on this call exactly?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If you look into your company's email addresses, have any Dropbox emails been received, related to this?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If you can think of any other details that might help us figuring this out, I would appreciate it.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks.&lt;/P&gt;</description>
      <pubDate>Thu, 26 Oct 2023 22:46:15 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/724808#M12048</guid>
      <dc:creator>Hannah</dc:creator>
      <dc:date>2023-10-26T22:46:15Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725054#M12072</link>
      <description>&lt;P&gt;Hi, Yes, positive it was a drop box rep. sales.dropboxbusiness.com&amp;nbsp;&amp;nbsp; It was an email. She scraped a list of our domain names that was being used on dropbox and wants to sell us an admin management console so that we can manage the accounts. &lt;STRONG&gt;Vicki Shen&lt;/STRONG&gt; states:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;I'm reaching out because our data shows that there are unmanaged users under your domain. Do you need to get control of these users?&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;- There are currently 84 Dropbox accounts from [Withholding our name].&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;- In the last 6 months we've seen 9 active users from your business.&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;- There are currently 163 GBs stored with Dropbox from your team members&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;Do you have some time Thursday to discuss your account usage and options to keep this data protected?&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;Best,&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;Vicki&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I stated that we request that our employees don't use dropbox due to security concerns (like this, not being HIPAA compliant, high phishing email references, etc). I requested a list of the 84 account email addresses so that we can verify if any of them are our employees and address the other accounts with Drobbox's cyber security department. She said that the only way she could give me a list of names was to purchase the Admin Console package. I expressed our concerns about cyber fraud and she ghosted me. But... she just replied yesterday so she got wind of my post??? She says that dropbox and references to drop box "have never been linked to cyber criminal activity" which anyone who receives phishing emails knows this isn't correct.&lt;/P&gt;&lt;P&gt;I asked her several times to forward me to someone who can answer questions/help. I realize she is a sales rep and is just spamming people like she is told to do. In my research, I later find out that dropbox doesn't have a cyber security department to address account spoofing and cyber crime being committed using their product. It seems that a company would be able to request a list of everyone using &lt;EM&gt;&lt;STRONG&gt;their&lt;/STRONG&gt; &lt;/EM&gt;domain in the account creation process, and, be able to challenge any account that they find may be malicious.&lt;/P&gt;</description>
      <pubDate>Fri, 27 Oct 2023 18:13:20 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725054#M12072</guid>
      <dc:creator>Trainer232</dc:creator>
      <dc:date>2023-10-27T18:13:20Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725094#M12076</link>
      <description>&lt;P&gt;Thanks for the update on this, &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1760859"&gt;@Trainer232&lt;/a&gt;&lt;/SPAN&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Do you perhaps have a reference or ticket number for this communication, so I can investigate further?&lt;/P&gt;</description>
      <pubDate>Fri, 27 Oct 2023 21:48:51 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725094#M12076</guid>
      <dc:creator>Hannah</dc:creator>
      <dc:date>2023-10-27T21:48:51Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725096#M12077</link>
      <description>&lt;P&gt;It is email communication. Vicki Shen won't put me in contact with anyone to create a ticket and I can't find ANYTHING online from dropbox to talk with someone.Everything goes to a chat bot. No email. No phone number. No support ticket request option. No security contact. Lots of sales contact info though.&lt;/P&gt;</description>
      <pubDate>Fri, 27 Oct 2023 21:56:08 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725096#M12077</guid>
      <dc:creator>Trainer232</dc:creator>
      <dc:date>2023-10-27T21:56:08Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725429#M12111</link>
      <description>&lt;P&gt;Thanks for the update, &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1760859"&gt;@Trainer232&lt;/a&gt;&lt;/SPAN&gt; and happy Monday.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Can I actually send you an email, so we can look a bit further into this?&lt;/P&gt;</description>
      <pubDate>Mon, 30 Oct 2023 12:30:42 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725429#M12111</guid>
      <dc:creator>Hannah</dc:creator>
      <dc:date>2023-10-30T12:30:42Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725464#M12114</link>
      <description>&lt;P&gt;Yes Please!&lt;/P&gt;&lt;P&gt;Thank You!&lt;/P&gt;</description>
      <pubDate>Mon, 30 Oct 2023 14:28:07 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725464#M12114</guid>
      <dc:creator>Trainer232</dc:creator>
      <dc:date>2023-10-30T14:28:07Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725508#M12115</link>
      <description>&lt;P&gt;Not a problem! I've just sent you an email, so we'll continue there.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Cheers!&lt;/P&gt;</description>
      <pubDate>Mon, 30 Oct 2023 18:08:38 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/725508#M12115</guid>
      <dc:creator>Hannah</dc:creator>
      <dc:date>2023-10-30T18:08:38Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/727523#M12301</link>
      <description>&lt;P&gt;We have had the same person contact us the same way. None of our departments know her.&lt;/P&gt;&lt;P&gt;Was there an answer to whether or not this Vicki Shen is a real Account Executive?&lt;/P&gt;</description>
      <pubDate>Mon, 06 Nov 2023 23:13:03 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/727523#M12301</guid>
      <dc:creator>Bugtown</dc:creator>
      <dc:date>2023-11-06T23:13:03Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/727791#M12328</link>
      <description>&lt;P&gt;No response yet. I've trying to communicate for quite a while. Any support is pretty lean at best.&lt;/P&gt;</description>
      <pubDate>Tue, 07 Nov 2023 19:24:12 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/727791#M12328</guid>
      <dc:creator>Trainer2324</dc:creator>
      <dc:date>2023-11-07T19:24:12Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/727879#M12340</link>
      <description>&lt;P&gt;Hi &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1763916"&gt;@Bugtown&lt;/a&gt;&lt;/SPAN&gt; &amp;amp; &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1764324"&gt;@Trainer2324&lt;/a&gt; - thanks for flagging this with us.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'd recommend forwarding all the information surrounding your case directly to &lt;A href="mailto:abuse@dropbox.com" target="_blank"&gt;abuse@dropbox.com&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Our team is going to investigate it, and if we find it to be against our Terms of Service or Acceptable Use Policy we will take action on it.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I hope this helps!&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 08 Nov 2023 06:08:12 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/727879#M12340</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2023-11-08T06:08:12Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/731159#M12551</link>
      <description>&lt;P class=""&gt;I’m closing this post out. Dropbox has been zero help. They refuse to investigate potential criminal activities on their platform, almost as if they are well aware of it and “a user is a user”. I’ve tried everything I could to get in touch with someone in their security department with no luck. The customer support rep who kept telling me that Dropbox wasn’t going to investigate this issue also refused to put me in touch with someone in their security department. I suspect that this is because there is no security department or any department set to deal with client data security, cybercrime, etc. I’m comfortable with the fact that I have plenty of documentation that they are well aware of the issue with people spoofing our domain and refused to do anything about it. If anyone contacts us stating they have been a victim of cybercrime, we can provide them with what they need for legal action.&lt;/P&gt;&lt;P class=""&gt;(And yes, I know Dropbox is going to delete this thread to cover their tracks.)&lt;/P&gt;</description>
      <pubDate>Mon, 20 Nov 2023 16:58:13 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/731159#M12551</guid>
      <dc:creator>Trainer2324</dc:creator>
      <dc:date>2023-11-20T16:58:13Z</dc:date>
    </item>
    <item>
      <title>Re: Users spoofing our company for cyber fraud</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/731800#M12600</link>
      <description>&lt;P&gt;Thanks for sharing your thoughts here &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1764324"&gt;@Trainer2324&lt;/a&gt;&lt;/SPAN&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;We can see that our team has already provided all the instructions and info we could at this time via your email correspondence.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Rest assured that if we detect any violation of the &lt;A href="https://www.dropbox.com/terms#acceptable_use" target="_blank"&gt;Dropbox Acceptable Use Policy&lt;/A&gt;, such as phishing, malware, or spam, we will take immediate action. Make sure to contact us at abuse@dropbox.com, as mentioned here on the thread.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Regarding your email/domain safety: It's good to note that most companies, like Dropbox, have email address verification in place to ensure that the right owners have the accounts. However, if you believe that emails were created without your company authorization, we recommend reaching out to your email provider.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Also, if Dropbox detects a suspicious sign-in attempt, we will send a one-time security code to the email address associated with your Dropbox account as an additional security step.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To sum up, for someone to fully use a Dropbox account, they would need to have access to the associated email address.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You can find more information about our security procedures &lt;A href="https://help.dropbox.com/security" target="_blank"&gt;here&lt;/A&gt;.&lt;/P&gt;</description>
      <pubDate>Wed, 22 Nov 2023 17:15:58 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Users-spoofing-our-company-for-cyber-fraud/m-p/731800#M12600</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2023-11-22T17:15:58Z</dc:date>
    </item>
  </channel>
</rss>

