How to protect yourself from phishing and viruses

Updated Dec 20, 2024

The information in this article applies to all Dropbox users.

Attackers and scammers look for ways to steal email addresses, passwords, credit card details, and other sensitive information. 

What phishing looks like

Phishing is an attempt by attackers to trick you into providing sensitive information by pretending to be a person or service you trust (such as Dropbox or your bank). 
 

Examples of phishing attacks

  • Emails that:
    • Ask you to reply with your username/email and password
    • Contain links to fake login pages or password reset pages
    • Contain links to view or download a file from someone you don’t know
    • Mention a current event, entice you with a prize or deal, or claim there’s an urgent reason for you to respond or click on a link
  • Links on social network posts or comments that lead to fake login pages or password reset pages
  • Phone calls, emails, or texts that appear to be from someone you know and are designed to get you to respond or click a link

What malware and viruses look like

Malware is any malicious software that attackers try to get you to install so they can steal your information or do harm to your files and computer. Malware includes things like viruses, adware, spyware, ransomware, trojan horses, and worms. 
 

Examples of malware attacks

  • Visiting a website, viewing an email, or clicking a pop-up window that installs software automatically
  • Fake emails and websites that impersonate Dropbox or another trusted source

How to tell if an email or website is officially Dropbox

Official Dropbox websites only appear on, and official Dropbox emails only come from, our verified Dropbox domains (such as dropbox.com or dropboxmail.com).

You can view the email’s full headers to find out if it came from a forged address:

To view an email’s full headers in Gmail:

  1. While viewing the email, click “…” (More) in the upper right corner. 
  2. Click Show original.
  3. Check the email address under From:.

To view an email’s full headers in Yahoo Mail:

  1. While viewing the email, click More.
  2. Click View Raw Message.
  3. Check the email address under From:.

To view an email’s full headers in Microsoft Outlook Windows or web:

  1. Double-click the email to open it in a new window. 
  2. Select the File tab and click Properties.
    • Web only: click Message Details (an envelope with a small document over it)
       
  3. Check the email address under From:.

To view an email’s full headers in Apple Mail:

  1. Right-click the email and select View Source from the pop-up menu.
  2. Check the email address under From:.
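
As an added example (not Dropbox's own code), the From: check from the steps above can be scripted against a message's raw source. It goes one step beyond the article by also reading the DMARC result from the receiving server's Authentication-Results header, since the From: line itself can be forged. The sample messages and addresses are constructed, and treating subdomains of the verified domains as verified is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the article names as verified ("such as"), so not an exhaustive list.
VERIFIED_DOMAINS = {"dropbox.com", "dropboxmail.com"}

def domain_is_verified(domain):
    """Exact match or subdomain (assumption) of a verified domain."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in VERIFIED_DOMAINS)

def check_headers(raw_message):
    """Return (from_domain, verified, dmarc_result) for raw message source."""
    msg = message_from_string(raw_message)
    # The display name is chosen by the sender; only the address part counts.
    _name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # msg.get returns the topmost Authentication-Results header, the one your
    # own mail provider added; lower ones may have been supplied by the sender.
    auth = msg.get("Authentication-Results", "")
    match = re.search(r"\bdmarc=(\w+)", auth, re.IGNORECASE)
    dmarc = match.group(1).lower() if match else "none"
    return domain, domain_is_verified(domain), dmarc

def verdict(raw_message):
    _domain, verified, dmarc = check_headers(raw_message)
    if not verified:
        return "not-dropbox"
    return "likely-genuine" if dmarc == "pass" else "possibly-forged"

# Constructed sample messages (reserved .example names, not real traffic).
AUTH = "Authentication-Results: mx.provider.example; dmarc=%s\n\nbody\n"
SAMPLES = {
    "genuine": "From: Dropbox <no-reply@dropbox.com>\n" + AUTH % "pass",
    "display_name": "From: Dropbox Support <alerts@mail.example>\n" + AUTH % "pass",
    "lookalike": "From: Dropbox <no-reply@dropbox.com.account-verify.example>\n"
                 + AUTH % "pass",
    "forged_from": "From: Dropbox <no-reply@dropbox.com>\n" + AUTH % "fail",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_headers(raw), verdict(raw))
```

The lookalike case shows why the comparison must anchor on the end of the domain: a name that merely starts with or contains dropbox.com is not a verified domain.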

If someone you don't recognize shares a file with you

If you received an email notification about a shared folder or shared link, make sure the email really came from Dropbox. If it's not genuine or you're not sure, don't click any links in the email.

 

Forward the suspicious email to abuse@dropbox.com and we'll investigate.

 

Even if the notification came from Dropbox, don't view or download a file, or accept a shared folder invitation, unless you know the sender. If you don't know the sender, ignore the notification, delete the email, or decline the invitation.

 

If it looks like someone is hosting content on Dropbox that violates our Acceptable Use Policy, please report it to us.

How to report something suspicious to Dropbox

  • If you received a suspicious email, forward the complete message to abuse@dropbox.com.
  • If you received a suspicious link, send an email to abuse@dropbox.com and include a description of how you received the link and the full URL of the link.
  • You can also contact us with other inquiries at abuse@dropbox.com—if we find a violation of the Dropbox Acceptable Use Policy (such as phishing, malware, or spam), we’ll take immediate action.

Tips to stay protected from phishing and malware

Always check for the warning signs listed above before downloading a file or clicking a link.

  • If you don’t trust a link in an email, go directly to the normal login or home page for a service (for example, typing www.dropbox.com instead of clicking on a link).
  • If you’re not sure who an email is from, don’t click anything in the message.
  • If you received a suspicious message, contact the service or person directly to verify that the message or link really came from them.
  • Use strong passwords and choose a different password for each service you use.
  • Use two-step verification for Dropbox and other services that support it.
  • If you use the Dropbox mobile app on your smartphone or tablet, set a passcode that will be required every time the app is launched.
  • Enable browser security and privacy settings to block phishing, malware, and other malicious sites in Chrome, Internet Explorer, Safari, Firefox or your favorite browser.
  • Install the latest updates for operating systems, browsers, software, and applications as soon as they become available, as they may have important security updates.
  • Use anti-virus or other security tools to protect your devices.
  • Follow good security practices to protect your entire computer. It's a good idea to require a password to log in to your account and to resume from sleep, screensavers, and lock screens.
  • Report any suspicious items that appear to be from Dropbox by sending an email to abuse@dropbox.com.
  • If you come across a phishing attempt that impersonates other services, contact the service directly.
  • You can also report malicious links to Safebrowsing or Internet Explorer for browser blocking.

What to do if your device has been infected

Learn what to do if your files have been encrypted or infected by ransomware.  
