So I just received an email from firstname.lastname@example.org saying that someone had tried to log into my account from an "unrecognised location". I found it weird because I don't even use that email account with Dropbox, but the email address seems legit.
I'm attaching a screenshot of the email.
Anyway, there is a link "Click here to verify...". I didn't click, I copied the link instead, without visiting it. And here's what came up:
https://www (dot) dijitalkurumsal (dot) com/js/EMAILVARIFICATION.php?email= + my email address
So be careful, because I think "dijitalkurumsal" has nothing to do with Dropbox. 😕
Hey there @Luispw - welcome to our Community and thanks for flagging this with us!
At first, note that legitimate emails from us would come from email@example.com and not firstname.lastname@example.org.
That being said, I'm glad to hear you didn't click on any link within that email as it appears that this message was impersonating Dropbox’s services in an attempt to maliciously impact your machine.
Moreover, I wanted you to know that your diligence is what's helping us keep all of our users safe. We appreciate you reporting fake Dropbox URLs or attempts to compromise user’s credentials.
If it's not to much to ask, I'd also suggest forwarding your report directly to email@example.com.
I hope this helps at some extent and -once again- thanks for bringing this to our attention.
If there's anything else you'd like to add or ask, please feel free to get back to me; I'll be more than happy to follow up.
Thanks for your prompt response. Sorry for thinking that email address was legitimate. I thought so because I'd seen another thread mentioning it was. Maybe I misread that.
I will forward my original message to firstname.lastname@example.org.
The dropboxmail.com domain name is actually a legitimate domain used to send official email from Dropbox, but that doesn't mean that someone can't spoof the address and send fake emails that appear to come from it, such as in the phishing attempt that you received.
You can find a list of the official domains used by Dropbox in the following help article:
@Luispw: Apologies for jumping up the gun there; it seems like my coffee hadn't kicked in yet
As @Rich correctly mentioned (can't thank you enough Rich), this is an official domain of ours (unfortunately, susceptible to such attacks) - I'm sorry for not including this piece of information in my initial response.
That being said, if you've already forwarded your report to our team (as mentioned), rest assured we'll take the appropriate actions in due time.
Have a lovely week!
[This thread is now closed by moderators due to inactivity. If you're experiencing a similar behavior or have a question, feel free to Ask for help from the Community here.]
The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.Sound good? Let's get started.
For more info on available support options, see this article.
If you found the answer to your question, please 'like' the post to say thanks to the user!