Dropbox Message – Real or Trick?

[Nigel Graham 2Participant @nigelgraham2]

[Nigel Graham 2Participant @nigelgraham2]

I had an e-post today apparently from something called Dropbox, basically a web-site describing enhancements to it and changes to my account's terms and conditions.

Worried, I looked up 'Dropbox-dot-com' separately, and it appears something real, so the message might have been a cynical advertising ruse; but……

a). I have no "Dropbox account".

b) I do not know anyone who does, to the best of my knowledge.

c) I have had no previous messages from anything called 'Dropbox'.

d) I do not know what it is – neither the e-post nor the Dropbox web-site told me its purpose, only how good it thinks it is; but I did not follow the former's links, nor go beyond the latter's home page..

I have blocked the sender – I think I blocked the domain too – but did not mark it as "spam".

Was I right to do that?

[Colin HeseltineParticipant @colinheseltine48622]

Dropbox is a real thing. I have used it for the last 7 or 8 years at the least. It is a method of storing/and or sharing files via the internet. Files are stored in the "cloud" and if wished can be shared with other users. Can be quite useful to share large files with a colleague/business/friends.

Colin

[Michael GilliganParticipant @michaelgilligan61133]

Dropbox is certainly real … I have a free account, and they occasionally send messages inviting me to upgrade.

I have also received a few which I’m confident are scams, and have forwarded these to report@phishing.gov.uk

Have you checked the address from which the message was sent ?

MichaelG.

.

My posting crossed with Colin’s

Edit: __ Some good advice direct from Dropbox here:

https://help.dropbox.com/security/phishing-virus-protection

Edited By Michael Gilligan on 21/01/2023 21:30:19

[WearyParticipant @weary]

Yes. Correct not to respond.

Well-known 'phishing' scam. Usually involves downloading a .pdf file to get any details about you and your passwords etc., that they can

You can forward the email to abuse@dropbox.com if you want.

If someone you don't recognize shares a file with you – Dropbox Help

Phil

Edited By Weary on 21/01/2023 21:28:18

[Peter G. ShawParticipant @peterg-shaw75338]

Was I right to do that?

In my opinion, yes.

I ignore any and all emails from people/businesses/whatever that I don't do business with. These days I actually get very little spam and I don't really know why. A few years ago, I did use to get lots of spam and thus I setup mugtraps to catch them before they were displayed, but over the years, it has reduced to negligible proportions, so much so that I no longer have any mugtraps. Why this is so, I haven't a clue, unless it's my ISP, BTInternet, that's blocking them.

Cheers,

Peter G. Shaw

[Nigel Graham 2Participant @nigelgraham2]

Thankyou!

I had vaguely heard of 'Dropbox' but not its purpose, and receiving a message about a supposed account with a company I have never used, raised my suspicions immediately.

Knowing now its purpose – thank you Colin – makes me even less inclined to use its genuine manifestation, if only because I don't need share large files.

Peter –

I wonder if the reduction in spam is due to you not responding to it. I have noticed that fraudulent telephone calls seem to come in little waves, and after I have sent a few packing all goes quiet for a while, even some months. One theory I have been told is that the blighters trade Yes/No number-lists. If so, perhaps similar occurs with unsolicited e-posts.

Would BT Internet (also my ISP) recognise the traps so can co-operate with them?

++++

Having done that, I have just been a-browsing to find transmission components for both the steam-wagon and horizontal-mill drive, and lo and behold, a stockist I would trust only about 25 miles from home, with everything I would need in one hefty shopping-trip.

It also sells lubricants – including steam-oils.

[OldironParticipant @oldiron]

I use Dropbox all the time to transfer files. Several members here have downloaded files from me when i send them the link  (  never uninvited )for something they need.

If you do not have an account do not answer any emails or download links. That applies to any website you do not know.

regards

Edited By Oldiron on 21/01/2023 22:31:23

[BazyleParticipant @bazyle]

Dropbox is a well known source of malware. Typical scams are to compromise the email account of someone you do do business with and then send out emails with supposed invoices, credit notes etc to be downloaded from a dropbox site to disguise the origin. they are actually programs to compromise your computer.
Major companies block it at their IT level or forbid its use. It really annoys me that people that I know still use it for genuine traffic despite the risks of compromise.

[OldironParticipant @oldiron]

Posted by Bazyle on 21/01/2023 23:00:41:

Dropbox is a well known source of malware. Typical scams are to compromise the email account of someone you do do business with and then send out emails with supposed invoices, credit notes etc to be downloaded from a dropbox site to disguise the origin. they are actually programs to compromise your computer.
Major companies block it at their IT level or forbid its use. It really annoys me that people that I know still use it for genuine traffic despite the risks of compromise.

All the more reason to use use a good paid for Malware Scanner such as Malwarebytes as well as an Antivirus program. Remember you only get what you pay for. Most free malware & virus scanners are not worth their salt. All pc's should have automatic scanning of emails & websites programs enabled. In Windows make sure that the Microsoft Security is turned on.

regards

[SillyOldDufferModerator @sillyoldduffer]

Umm, is Dropbox a security risk or a benefit? It's both. It's a security risk in the sense that the service provides a way of sharing files over the internet. As does almost everything else on the web, including this forum!

The forum is pretty safe to use because it doesn't take money, collect personal data, or share files other than JPG images. However, the site could be abused by using it to post links to something nasty. (Hopefully such don't survive for long because the forum is actively moderated.) A bad link could take you anywhere on the internet: Dropbox, any of the multitude of web-hosting services, or a server set up on a home-computer. They can all be abused.

Bazlye correctly says many employers block Dropbox and similar. True, but it's done on principle, not because Dropbox is particularly evil. Whenever an organisation is big enough to operate a professionally managed private network, they typically block as many external risks as they can. Organisations see no need to take security risks caused by employees naively surfing the web. Anything not needed by the business that represents an obvious risk gets blocked: it's not personal!

Home users run more risks. Their computers are protected to a degree by their ISP plus a few security packages. Neither of these protect against what I call poor internet hygiene. Porn, chasing 'bargains', downloading pirate software, gambling, buying drugs, going on the Darkweb, randomly clicking links, and answering dodgy emails are all likely to end badly. Good hygiene and thinking twice about trust before clicking are effective. People who would never take advice from a stranger in the street, are somehow more likely to trust the internet, phone calls and letters.

I use Dropbox to share files too large to send by email. I've sent magazine articles to Neil that way: he knew they were from me because we'd already established a relationship. I expect his computer still virus checked my efforts!

I also use Dropbox to share program source code, sometimes posting links on the forum. Here trust depends on my long presence on the forum supported by PMs and more personal contacts; I hope it's clear I'm not a fly by night opportunist. When the code is downloaded from Dropbox, it will usually be virus checked by the recipient's computer, and it can be read with a text editor to make sure it doesn't do anything dodgy. I wouldn't download or run a compiled program provided by a brand-new member without taking extreme precautions, no matter how wonderful he claimed it to be.

Technology used correctly is a boon, but all technology can be misused. I drive my car to the shops, others steal them to go ram-raiding…

Dave

[HopperParticipant @hopper]

In a nutshell, any unsolicited email about something you don't recognise, bin it. You did the right thing.

[JAParticipant @ja]

Dave

Thanks for a really good explaination. I have access to a drop box account but never had to use it.

During my last years at work we had access to the internet through the company's IT system. Searches using some words were blocked with very little chance of the block being lifted. Model was one such word.

JA

[Peter G. ShawParticipant @peterg-shaw75338]

Nigel,

I wonder if the reduction in spam is due to you not responding to it. I have noticed that fraudulent telephone calls seem to come in little waves, and after I have sent a few packing all goes quiet for a while, even some months. One theory I have been told is that the blighters trade Yes/No number-lists. If so, perhaps similar occurs with unsolicited e-posts.

Would BT Internet (also my ISP) recognise the traps so can co-operate with them?

Short answer – I've no idea, but I've wondered that. Does BT recognise my traps? Again I've no idea, but I suspect not. FWIW, I have a vague recollection that the major ISP's do keep taking down obvious scams, but that's all it is, vague! In other words, I don't really know.

Dave/SOD,

The only time I sent a long article to Neil, I did it by breaking it into a number of small standalone packages and numbered everything accordingly. Unfortunately, Neil then combined two of them and thus messed up my careful numbering. But that's by the by. What was important was that I broke the article into smaller sections, and then sent them using (in my case) Thunderbird (an open source email client similar to the usual one from Microsoft). So, no need for Dropbox or anything else of that ilk.

Tootle Pip,

Peter G. Shaw

 

 

 

Edited By Peter G. Shaw on 22/01/2023 12:41:28

[Martin Dilly 2Participant @martindilly2]

For files up to 2Gb I've used WeTransfer for years, which is free and has never given me any problems. Alerting the recipient in advance to how you're sending the files avoids him zapping it as an unknown.

[JasonBModerator @jasonb]

I wonder if Nigel may have opened a Dropbox file from here and it made a note of his contact details, Like Dave I use it to host mostly drawings for the build threads here and it is also a way to link to file types that can't be attached on this forum software.

So although he says he does not know anyone who uses it he may well have opened file hosted there and even downloaded them.

Misuse of Dropbox does not make Dropbox a bad thing, just something to be aware of. I could just as easily use it to send Pornographic images just as easily as pictures of engines, it's not the site that would be to blame.

If Nigel were to click his spam folder that should give an indication of what his system is blocking.

Dropbox is handy as the link stays there for anyone to use in the future say if they decide to buils an engine of mine some years later. Wetransfer is good for one offs and large files (mag articles with large image files) but you can't post a link on say a forum to documents.

[Nigel Graham 2Participant @nigelgraham2]

I can't think what file I might have opened from here, whatever its source. I have only ever used the main discussions and occasional private messages, but none of them sent files.

My Spam folder is empty and does not show its history.

'

As it happens I received an obvious attack e-post this morning, pretending to be from Santander and wanting to verify my portable-phone number. Not from the gang I have fought off a few times previously though: it is cruder, the message title is just ' .' , the sender is a number at talktalk, the English is a bit wonky, it displays an open line of code and it really does not look like anything from the bank with whom I have no account anyway!

I tried to forward it but the system refused for no stated reason. (Why won't failure messages actually tell you the problem, and in plain English, not programme-fault codes?) I will try again. I might need report it to individual authorities., not all three at once.

'

I realise the genuine Dropbox is not to blame for anything, though it's a service I have never used and am not likely to use.

[Nigel Graham 2Participant @nigelgraham2]

re that:

I wondered if the post title being just a full-stop sign, was a Forwarding stop control, lest I be tempted to forward it to "phishing at… ".

Changing it to "as attached", with a note to explain this, and sending it individually to each of phishing at HMRC, Santander and my own bank, seems to have worked.

[SillyOldDufferModerator @sillyoldduffer]

Posted by Peter G. Shaw on 22/01/2023 12:39:32:…

Would BT Internet (also my ISP) recognise the traps so can co-operate with them?

Short answer – I've no idea, but I've wondered that. Does BT recognise my traps? Again I've no idea, but I suspect not. FWIW, I have a vague recollection that the major ISP's do keep taking down obvious scams, but that's all it is, vague! In other words, I don't really know.

Dave/SOD,

The only time I sent a long article to Neil, I did it by breaking it into a number of small standalone packages and numbered everything accordingly. Unfortunately, Neil then combined two of them and thus messed up my careful numbering. But that's by the by. What was important was that I broke the article into smaller sections, and then sent them using (in my case) Thunderbird (an open source email client similar to the usual one from Microsoft). So, no need for Dropbox or anything else of that ilk.

Tootle Pip,

Peter G. Shaw

BT and other ISPs do protect customers from internet nastiness, but the effectiveness varies over time. Some ISPs are better than others, but exactly what they do isn't visible to customers. The most obvious sign is email being tagged as potential spam, and maybe not being sent or delivered. A friend ran his own email server, connected directly to the raw internet, and was amazed at the amount of crud it received and had to filter out.

Nigel mentioned he can#t forward a spam email; possibly this is because the system failed to detect it on the way in, but has identified it as a wrong'un on the way out. It's not a good idea to spread evil email by forwarding it to anybody! Report it, don't pass it on.

Breaking big articles into pieces to send them is one way of doing it, but it opens the door to mistakes. The author might leave something out, a section might be lost in transmission, and reassembling anything is famously difficult – even simple self-assembly furniture catches me out occasionally! Dropbox avoids all that and the risk of using it to receive articles is Neil's, not the author's. The risk is low if Neil knows who the sender is.

Dave

[Nigel Graham 2Participant @nigelgraham2]

It's not a good idea to spread evil email by forwarding it to anybody! Report it, don't pass it on.

I know it is in the normal way but this is forwarding them to the phishing-investigators. It's what they ask you to do, and their systems reply with an automatic thank-you.

Simply reporting to them it is no good because they can't analyse that.

I managed it in the end.

[Author]

Posts