So I just received an email from email@example.com saying that someone had tried to log into my account from an "unrecognised location". I found it weird because I don't even use that email account with Dropbox, but the email address seems legit.
I'm attaching a screenshot of the email.
Anyway, there is a link "Click here to verify...". I didn't click, I copied the link instead, without visiting it. And here's what came up:
https://www (dot) dijitalkurumsal (dot) com/js/EMAILVARIFICATION.php?email= + my email address
So be careful, because I think "dijitalkurumsal" has nothing to do with Dropbox. 😕
The dropboxmail.com domain name is actually a legitimate domain used to send official email from Dropbox, but that doesn't mean that someone can't spoof the address and send fake emails that appear to come from it, such as in the phishing attempt that you received.
You can find a list of the official domains used by Dropbox in the following help article:
@Luispw: Apologies for jumping up the gun there; it seems like my coffee hadn't kicked in yet
As @Rich correctly mentioned (can't thank you enough Rich), this is an official domain of ours (unfortunately, susceptible to such attacks) - I'm sorry for not including this piece of information in my initial response.
That being said, if you've already forwarded your report to our team (as mentioned), rest assured we'll take the appropriate actions in due time.