Dropbox Phishing Scam
Home ScamsPhishing Scams Fake Dropbox ‘Sent You a File’ Emails Are Phishing Scams

Fake Dropbox ‘Sent You a File’ Emails Are Phishing Scams

by Brett M. Christensen

According to this email, someone has sent you a file using online file hosting service Dropbox.  The email urges you to click a link to see the file. It may appear to come from someone you know.

However, the link in the email does not open a document on Dropbox. Instead, it opens a website that is designed to steal your email account login details.

Here’s what the scam email looks like:

DropBox Phishing Scam Email

If you fall for the ruse and click the link, you will be taken to a website that looks like it belongs to Dropbox. The site claims that the document is protected and you must select your email provider and log in to access the files.

Fake Dropbox email login website

Clicking on the name of your email provider opens a popup login window that asks for your email address or username and your email account password.  The screenshot below shows the popup for a generic email account login. The other popups are branded to their respective service providers.

Email account login scam popup

After you provide your login details, you will be redirected to a website that features a report about investment strategies. In fact, the website, which belongs to a large US bank, has no connection to the scam. The criminals have automatically redirected you to the legitimate bank website in an effort to trick you into believing that you really have been given access to the promised file.

But, meanwhile, the criminals can collect the login details that you provided and use them to hijack your email account.  Once they have gained access to your account, they can use it to distribute the same scam email to your friends and business contacts. These recipients may be more likely to believe that the email is legitimate because it came from your account. 
The criminals may also use your account to conduct further spam, scam, and malware campaigns in your name.

Moreover, as is often the case these days, your email account may be linked to various others services such as online file storage, contacts,  and app stores.  So, the criminals can collect your personal information and conduct fraudulent transactions in the app store. They may manage to gather enough information about you to steal your identity.

Phishing scam emails like this are common.  Keep in mind that Dropbox will never ask you to provide your email account password to access stored files. Some, like the version discussed here ask for your email account login credentials.  Other versions may take you to a fake website that asks you to enter your Dropbox login details. Doing so will give criminals access to all of the files you have stored in Dropbox.

Similar fake file notification emails are also used to distribute malware.

The Dropbox website includes information about protecting yourself from phishing scams and malware attacks.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,