Think before you click: Phishing email purports to share invoice via Dropbox; claims file will “run out in 24 hours”

Posted by Akankasha Dewan on 05 October 2020 18:25:49 AEDT


MailGuard has intercepted a new email scam purporting to be from Dropbox, a popular file sharing and collaboration platform among businesses.

Employing the Dropbox logo and branding, the email informs recipients that an invoice has been shared with them “on Dropbox”. It urges users to “view it now” as the file “would run out in 24 hours”. This is likely an attempt to evoke urgency and panic among recipients, motivating them to take swift action and view the file without pausing to check for its legitimacy.

A button is provided to view the invoice (though it isn’t titled), and the email ends with a sign-off from “The Dropbox” team. The email’s display name, however, doesn’t belong to Dropbox, and the email address in the “from:” field also doesn’t use a domain belonging to Dropbox. In addition, hovering over the button to the file reveals the usage of a link shortener, included most likely to mask the true destination of the malicious link.


Unsuspecting recipients who click on the link to view the invoice are led to a login page asking them to verify their account. While this page contains the Office 365 logo, it does not look like a page typically associated with Microsoft or Office 365. The domain used in the page’s URL also doesn’t belong to Dropbox or Microsoft. This is actually a phishing page that appears to be hosted on a compromised website.


Once recipients enter their email address and password, the attacker harvests them for later use, and the user is met with an error saying that the credentials are invalid.

This scam contains several typical elements of a phishing email:

  • use of a major brand name to inspire false trust; the incorporation of the Dropbox logo & colour scheme boosts the credibility of the email,
  • the inclusion of the invoice reference number; this is typically expected of a well-established file-sharing platform such as Dropbox,
  • and an attempt to intrigue; telling the recipient that someone has shared an unexpected file creates a sense of curiosity, motivating the recipient to click on the malicious link

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and the domains used both in the sender’s email address and phishing pages don’t belong to Dropbox or Microsoft.
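The red flags described above can also be checked mechanically. The following is an added example, not MailGuard's detection logic and not the intercepted email: the sender-domain allow-list, the shortener list, the phrase patterns and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for illustration; adjust for your own mail flow.
BRAND = "dropbox"
BRAND_DOMAINS = {"dropbox.com", "dropboxmail.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}
URGENCY = re.compile(r"\b(?:in|within) \d+ hours\b|\bview it now\b", re.I)
GREETING = re.compile(r"\b(?:hi|hello|dear)\s+\w+", re.I)  # naive heuristic
HREF = re.compile(r'href="([^"]+)"', re.I)

def registrable(host):
    """Last two labels only; use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw):
    """Return the red flags found in a single-part raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = registrable(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    hosts = [registrable(urlparse(u).hostname or "") for u in HREF.findall(body)]
    flags = []
    if BRAND in body.lower() and sender not in BRAND_DOMAINS:
        flags.append("brand_sender_mismatch")  # brand named, sent from elsewhere
    if any(h in SHORTENERS for h in hosts):
        flags.append("shortened_link")  # true destination is hidden
    if URGENCY.search(body):
        flags.append("urgency")  # artificial deadline
    if not GREETING.search(body):
        flags.append("no_personal_greeting")  # recipient not addressed by name
    return flags

# Constructed sample message (not the intercepted email).
SAMPLE_PHISH = """\
From: "Shared Files" <notify@files-share.example>
To: user@corp.example
Subject: Invoice shared with you
Content-Type: text/html

<p>An invoice has been shared with you on Dropbox.</p>
<p>View it now, the file would run out in 24 hours.</p>
<a href="https://tinyurl.com/EXAMPLE">View</a>
<p>The Dropbox team</p>
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE_PHISH))
```

No single flag is conclusive on its own; the combination of a brand mention, an unrelated sender domain and a shortened link is what makes a message like this one worth quarantining for review.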

As a well-known and trusted company, Dropbox’s trademarks are regularly used by cybercriminals as camouflage for their phishing attacks. In addition, the nature of the file delivery platform itself makes it easier to deliver malicious files.

Check out Dropbox’s advisory on how to protect your Dropbox account from phishing and malware.


One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
