All our contacts are receiving the below message from Dropbox. We had one of our user's email inbox hacked and contacts harvested. The hacker then created a Dropbox account in the name of [personal information removed per the Community's Guidelines] with the email address [email address removed per the Community's Guidelines]. [personal information removed per the Community's Guidelines] is one of our users and [email address removed per the Community's Guidelines] is close to her email address but not her email address. Is there a way to contact Dropbox fraud/security to stop these emails from being sent from Dropbox or on behalf of Dropbox as the attachment is fraudulent and possibly a virus? This is damaging our brand as well as the Dropbox brand as this is being sent to many unsuspecting recipients.
This 'spoof' email has been sent out to our email list - three times.
The spam email is using our profile - tweaked with small changes - to create fraudulent email addresses (yahoo, outlook) and asking email recipients to click on the 'dropbox' link to download files. People are ringing/emailing asking for confirmation that the email is from us - and asking 'why doesn't the link work?'...but by then they have logged in with their username and password.
Our IT people say - it is too late for us to do anything - as our email addresses were harvested. All we can do is apologise? Suggest they put this spam email address on their junk filter?
But my question, is what can dropbox do to prevent future spam attacks - coming from the dropbox system?