Q. I got a message asking me to verify a new Dropbox account, but I never signed up for Dropbox. I suspect this is a hoax, but I looked at the return address and it seems to be pointing to Dropbox itself. Has my email account been hacked?
A. A compromised email account is often a possibility, especially if you have not taken precautions like enabling two-factor authentication, but a new wave of fraudulent spam has been going around and it uses supposed Dropbox verification as bait. In this type of phishing attack, the perpetrators put a legitimate Dropbox address in the message’s sender field — usually firstname.lastname@example.org, which is the real address Dropbox puts on messages when it is legitimately asking you to verify a new account.
Credit The New York Times
However, the “Verify my email” button or link in the body of the message disguises the real destination the attacker wishes to send you. The button graphic or link is designed to send you to a phishing site or possibly download a virus; some observers have reported that the fake Dropbox links lead to ransomware that takes the user’s hard drive hostage by encrypting its files.
You can see the real link under the “Verify my email” button in a few ways, like viewing the message in plain text (instead of the HTML commonly used to display links and graphics in email) in your desktop mail program. On a mobile device, press and hold the button or link — but do not tap it as you normally would — to reveal the hidden address. You can report the phishing messages by forwarding them to email@example.com.
Dropbox users have been frequent targets of scammers. The company’s support site has a guide to recognizing malware and phishing attempts, as well as instructions for enabling two-step verification for stronger account protection.