cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Genuine Dropbox notifications but spam

New member | Level 2
New member | Level 2

I am part of the Cyber team in my organisation. We have seen many reports from users around the Dropbox notifications which they receive from the users they know stating a xxxx.pdf file was shared. Obviously the user clicks on the link but mostly do not get the file as stated and the urls are indeed pointing to Dropbox itself. In many cases we have verified that the purported sender haven't send a file at all. Looking at the email headers it appears the email did come from Dropbox (AWS cloud) which is confusing. Do the experts here have any clue on how this unsolicited emails reach the recepients ? It is obvious that social engineering in play and most likely if the file or link happens to be malicious there are good chances to get infected. I have raised couple of times via cases to dropbox but unfortunately I have never got an explanation. Appreciate any inputs if Dropbox admins is aware of this and advise how this spamming is successful.

3 Replies 3
Highlighted

Re: Genuine Dropbox notifications but spam

Dropboxer
Dropboxer
Hey there @Joes1977
 
Could you provide me with some additional info on this so as to have a better understanding of your concern? For example:
  • Are you receiving these notifications via email, the website, the desktop app, or the mobile app?
  • Is it always from the same user?
  • Is the same .pdf file always mentioned as being shared?
  • When users click on it, what happens? Do they get an error?
Any screenshots (without personal info) would also be very helpful. 
 
Thanks in advance!

Lusil
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so, please give it a Like below.
Still stuck? Ask me a question!
Tips & Tricks Find new ways to stay in flow or share your tips on how you work smarter with Dropbox.

Highlighted

Re: Genuine Dropbox notifications but spam

New member | Level 2
New member | Level 2
  • Are you receiving these notifications via email, the website, the desktop app, or the mobile app? Email to the user in their corporate ID.
  • Is it always from the same user? Nope, few cases were reported which I was involved. Last two cases the same notification from a genuine client's name came to 4 people in the same project. However the recepients were not expecting a file to be shared by the client. Client later confirmed he did not send it.
  • Is the same .pdf file always mentioned as being shared? Nope - infact both times users were not successful downloading the file. They said the download did not work. When I attempted the link went to a Dropbox 404 error which means the page is unavailable.
  • When users click on it, what happens? Do they get an error? - As above.
    The links to download the file below and the email headers indicate a genuine notification.

    https://www.dropbox.com/l/scl/AADBoWEWG6uR64Fo-kVSWRc52rYOFUdOp2c

    https://www.dropbox.com/l/scl/AABXJAW_pBLrs0AoMsx2hNGscsz1xKMhaks

Highlighted

Re: Genuine Dropbox notifications but spam

Dropboxer
Dropboxer
Thanks for the information, @Joes1977! Much appreciated. 
 
In this case, I’d recommend for the users that the email notifications mention were from to submit a ticket to our Support team so as to have a more in-depth look on the matter. 
 
I understand that this doesn’t resolve the issue for you, but I do hope it helps to some extent. 

Lusil
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so, please give it a Like below.
Still stuck? Ask me a question!
Tips & Tricks Find new ways to stay in flow or share your tips on how you work smarter with Dropbox.

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?