You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

Luispw's avatar
Luispw
Explorer | Level 3
6 years ago

BEWARE: Fake email from "no-reply@dropboxmail.com"

So I just received an email from no-reply@dropboxmail.com saying that someone had tried to log into my account from an "unrecognised location". I found it weird because I don't even use that email account with Dropbox, but the email address seems legit. 

I'm attaching a screenshot of the email. 

Anyway, there is a link "Click here to verify...". I didn't click, I copied the link instead, without visiting it. And here's what came up: 

https://www (dot) dijitalkurumsal (dot) com/js/EMAILVARIFICATION.php?email= + my email address

So be careful, because I think "dijitalkurumsal" has nothing to do with Dropbox. :-/

  • Rich's avatar
    Rich
    6 years ago

    The dropboxmail.com domain name is actually a legitimate domain used to send official email from Dropbox, but that doesn't mean that someone can't spoof the address and send fake emails that appear to come from it, such as in the phishing attempt that you received.

    You can find a list of the official domains used by Dropbox in the following help article:

    [Mod edit 2023, edited Help Center link]

  • Walter's avatar
    Walter
    Icon for Dropbox Staff rankDropbox Staff

    Hey there Luispw - welcome to our Community and thanks for flagging this with us!

    At first, note that legitimate emails from us would come from no-reply@dropbox.com and not no-reply@dropboxmail.com.

    That being said, I'm glad to hear you didn't click on any link within that email as it appears that this message was impersonating Dropbox’s services in an attempt to maliciously impact your machine. 

    Moreover, I wanted you to know that your diligence is what's helping us keep all of our users safe. We appreciate you reporting fake Dropbox URLs or attempts to compromise user’s credentials. 

    If it's not to much to ask, I'd also suggest forwarding your report directly to abuse@dropbox.com.

    I hope this helps at some extent and -once again- thanks for bringing this to our attention.

    If there's anything else you'd like to add or ask, please feel free to get back to me; I'll be more than happy to follow up. 

    • Luispw's avatar
      Luispw
      Explorer | Level 3

      Hi Walter! 

      Thanks for your prompt response. Sorry for thinking that email address was legitimate. I thought so because I'd seen another thread mentioning it was. Maybe I misread that. 

      I will forward my original message to abuse@dropbox.com. 

      Thanks again.

      Take care. 

      • Rich's avatar
        Rich
        Icon for Super User II rankSuper User II

        The dropboxmail.com domain name is actually a legitimate domain used to send official email from Dropbox, but that doesn't mean that someone can't spoof the address and send fake emails that appear to come from it, such as in the phishing attempt that you received.

        You can find a list of the official domains used by Dropbox in the following help article:

        [Mod edit 2023, edited Help Center link]