How to protect yourself from phishing and viruses
Attackers and scammers often look for ways to steal email addresses, passwords, credit card details, and other sensitive information.
What phishing looks like
Phishing is an attempt by attackers to trick you into providing sensitive information by pretending to be a person or service you trust (such as Dropbox or your bank).
Examples of phishing attacks
- Emails that:
- Ask you to reply with your username/email and password
- Contain links to fake login pages or password reset pages
- Contain links to view or download a file from someone you don’t know
- Mention a current event, entice you with a prize or deal, or claim there’s an urgent reason for you to respond or click on a link
- Links on social network posts or comments that lead to fake login pages or password reset pages
- Phone calls, emails, or texts that appear like they’re from someone you know to get you to respond or click a link
What malware and viruses look like
Malware is any malicious software that attackers try to get you to install so that they can steal your information or do harm to your files and computer. Malware includes things like viruses, adware, spyware, ransomware, trojan horses, and worms.
Examples of malware attacks
- Visiting a website, viewing an email, or clicking a pop-up window that installs software automatically
- Fake emails and websites that impersonate Dropbox or another trusted source
How to tell if an email or website is officially Dropbox
Official Dropbox websites and emails will only appear on or come from any of our verified Dropbox domains (such as dropbox.com or dropboxmail.com).
You can view the email’s full headers to find out if it came from a forged address:
To view an email’s full headers in Gmail:
- While viewing the email, click “…” (More) in the upper right corner.
- Click Show original.
- Check the email address under From:.
To view an email’s full headers in Yahoo Mail:
- While viewing the email, click More.
- Click View Raw Message.
- Check the email address under From:.
To view an email’s full headers in Microsoft Outlook Windows or web:
- Double-click the email to open it in a new window.
- Select the File tab and click Properties.
- Web only: click Message Details (an envelope with a small document over it)
- Web only: click Message Details (an envelope with a small document over it)
- Check the email address under From:.
To view an email’s full headers in Apple Mail:
- Right-click the email and select View Source from the pop-up menu.
- Check the email address under From:.
How to report something suspicious to Dropbox
- If you received a suspicious email, forward the complete message to abuse@dropbox.com
- If you received a suspicious link, send an email to abuse@dropbox.com and include a description of how you received the link and the full URL of the link
- You can also contact us with other inquiries at abuse@dropbox.com—if we find a violation of the Dropbox Acceptable Use Policy (such as phishing, malware, or spam), we’ll take immediate action
Tips to stay protected from phishing and malware
Always check for the warning signs listed above before downloading a file or clicking a link.
- If you don’t trust a link in an email, go directly to the normal login or home page for a service (for example, typing www.dropbox.com instead of clicking on a link)
- If you’re not sure who an email is from, don’t click anything in the message
- If you received a suspicious message, contact the service or person directly to verify that the message or link really came from them
- Use strong passwords and choose a different password for each service that you use
- Use two-step verification for Dropbox and other services that support it
- If you use the Dropbox mobile app on your smartphone or tablet, set a passcode that will be required every time the app is launched
- Enable browser security and privacy settings to block phishing, malware, and other malicious sites in Chrome, Internet Explorer, Safari, Firefox or your favorite browser
- Install the latest updates for operating systems, browsers, software, and applications as soon as they become available, as they may have important security updates
- Use anti-virus or other security tools to protect your devices
- Follow good security practices to protect your entire computer. It's a good idea to require a password to log in to your account and to resume from sleep, screensavers, and lock screens.
- Report any suspicious items that appear to be from Dropbox by sending an email to abuse@dropbox.com
- If you come across a phishing attempt that impersonates other services, contact the service directly
- You can also report malicious links to Safebrowsing or Internet Explorer for browser blocking
What to do if your device has been infected
Learn what to do if your files have been encrypted or infected by ransomware.