Announcements
Known issues updated. Learn more

default

no

Highlighted

Genuine Dropbox notifications but spam

New member | Level 2

I am part of the Cyber team in my organisation. We have seen many reports from users around the Dropbox notifications which they receive from the users they know stating a xxxx.pdf file was shared. Obviously the user clicks on the link but mostly do not get the file as stated and the urls are indeed pointing to Dropbox itself. In many cases we have verified that the purported sender haven't send a file at all. Looking at the email headers it appears the email did come from Dropbox (AWS cloud) which is confusing. Do the experts here have any clue on how this unsolicited emails reach the recepients ? It is obvious that social engineering in play and most likely if the file or link happens to be malicious there are good chances to get infected. I have raised couple of times via cases to dropbox but unfortunately I have never got an explanation. Appreciate any inputs if Dropbox admins is aware of this and advise how this spamming is successful.

3 Replies

Re: Genuine Dropbox notifications but spam

Dropboxer
Hey there @Joes1977
 
Could you provide me with some additional info on this so as to have a better understanding of your concern? For example:
  • Are you receiving these notifications via email, the website, the desktop app, or the mobile app?
  • Is it always from the same user?
  • Is the same .pdf file always mentioned as being shared?
  • When users click on it, what happens? Do they get an error?
Any screenshots (without personal info) would also be very helpful. 
 
Thanks in advance!

Lusil
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so, please give it a Like below. 
White check mark Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
Arrows Counter Clock Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Reply
Loading...

Re: Genuine Dropbox notifications but spam

New member | Level 2
  • Are you receiving these notifications via email, the website, the desktop app, or the mobile app? Email to the user in their corporate ID.
  • Is it always from the same user? Nope, few cases were reported which I was involved. Last two cases the same notification from a genuine client's name came to 4 people in the same project. However the recepients were not expecting a file to be shared by the client. Client later confirmed he did not send it.
  • Is the same .pdf file always mentioned as being shared? Nope - infact both times users were not successful downloading the file. They said the download did not work. When I attempted the link went to a Dropbox 404 error which means the page is unavailable.
  • When users click on it, what happens? Do they get an error? - As above.
    The links to download the file below and the email headers indicate a genuine notification.

    https://www.dropbox.com/l/scl/AADBoWEWG6uR64Fo-kVSWRc52rYOFUdOp2c

    https://www.dropbox.com/l/scl/AABXJAW_pBLrs0AoMsx2hNGscsz1xKMhaks

Reply
Loading...

Re: Genuine Dropbox notifications but spam

Dropboxer
Thanks for the information, @Joes1977! Much appreciated. 
 
In this case, I’d recommend for the users that the email notifications mention were from to submit a ticket to our Support team so as to have a more in-depth look on the matter. 
 
I understand that this doesn’t resolve the issue for you, but I do hope it helps to some extent. 

Lusil
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so, please give it a Like below. 
White check mark Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
Arrows Counter Clock Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Reply
Loading...
Syncing and uploads

Have a question? Our Dropbox Community is here to help!

Post your question or search for an answer below.


Learn more about using the Community by reading our Community Guidelines.


Hi anonymous,

If you need more help you can log a ticket with our Support Team here (expected response time 24 hours), or contact us on Twitter or Facebook.

For more info on available support options, see this article.

If you found the answer to your question, please 'like' the post to say thanks to the user!

Genuine Dropbox notifications but spam
180 Views
3 Replies
0 Likes
Who's talking
Top contributors to this post