Medium riskEmail Scams

Dropbox Shared File Scam

This scam sends an email claiming someone shared a Dropbox file or folder with you. The 'View file' link leads to a fake login page designed to capture your email address and Dropbox or work password.

Quick verdict

Risk level
Medium risk
Scam type
File-sharing phishing scam
Main red flag
An unexpected file-share email pushing you to log in through a link to view a document.
What to do first
Do not click the link. Open Dropbox directly from your browser or app and check for any shared files there.

What this scam usually looks like

This scam sends an email claiming someone shared a Dropbox file or folder with you. The 'View file' link leads to a fake login page designed to capture your email address and Dropbox or work password.

Example message pattern

Example pattern — not a real report
Example pattern: 'A document has been shared with you on Dropbox. You have 1 file waiting. View file now before access expires: [suspicious link]'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • A shared-file notice from someone you do not recognise or were not expecting
  • A 'View file' or 'Download' button that leads away from the official dropbox.com domain
  • A login page that asks for your email password rather than only a Dropbox password
  • Vague file names like 'Invoice', 'Document' or 'Scan' with no real context
  • Pressure that access will expire or the file will be deleted soon

What to do

  • Hover over or long-press the link to preview the address without clicking it
  • Open Dropbox directly through the app or by typing the address yourself to check for shared files
  • Contact the supposed sender through a known channel to confirm they shared anything
  • Report the email as phishing and delete it

If you already clicked or replied

  • Do not enter your password on the page that opened
  • If you already entered it, change your Dropbox password immediately
  • Change the password anywhere you reused that same login and enable two-step verification
  • Review your Dropbox account's connected devices and active sessions for anything unfamiliar

What not to do

  • Do not enter your email or work password on a page reached through the link
  • Do not approve any login or two-step prompt you did not start
  • Do not forward the file link to colleagues before confirming it is genuine

Similar scams

Medium risk Email

Google Docs Sharing Scam

This scam sends an email saying someone shared a Google Doc or file with you, with an 'Open' link that leads to a fake Google login page or asks you to grant risky account permissions, aiming to capture your password or access your account.
Medium risk Email

Fake DocuSign Email Scam

This scam sends a fake 'you have a document to review and sign' email with a 'View Document' link that leads to a credential-harvesting page or to malware instead of a genuine document.
High risk Email

Microsoft Account Email Scam

This scam sends a fake Microsoft or Outlook email about an unusual sign-in or an account about to be closed, linking to a fake Microsoft login page that captures your email and password.

Frequently asked questions

Why does the page ask for my email password to open a Dropbox file?
Genuine Dropbox sharing does not need your email provider's password. A page asking for it is a strong sign the login form is fake and built to harvest your credentials.
The sender's name looks like a real contact. Is it safe?
Scammers often spoof names or use compromised accounts. Confirm with the person directly through a number or address you already have before opening anything.
What if I only clicked but did not type anything?
Clicking alone is lower risk, but close the page, avoid entering details, and run a security scan if you downloaded any file. Stay alert for follow-up messages.
How can I report a fake Dropbox email?
You can report it to Dropbox through its official abuse or phishing address, mark it as phishing in your email client, and tell your IT team if it reached a work account.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.