Update: Looks like it’s a legitimate email from Dropbox. I’m wrong (won’t be the last time):

From TUAW.com

Dropbox sends password change notification to some users

In the meantime, some Dropbox users who have never changed their password or who have an easily crackable password will be getting email reminders to change their password. These emails may appear suspicious, but they are coming from Dropbox (and you should double-check, should you receive one, that you’re directed to a Dropbox reset page). When you pick a new password, you can make it extra secure by using a random generation system like Diceware — endorsed by the makers of 1Password and XKCD alike.

Here’s my original (alarmed) post:

I just got this plausible-looking message … “Please create a new Dropbox password” …
but it’s got to be a SCAM. If you get one, my advice is Don’t click!!
(Of course my Dropbox account is working just fine without any change of password.)

The sender is NOT Dropbox but no-reply@dropboxmail.com (spoofed, in other words)


This is NOT from Dropbox. It’s from some loathsome con artists, I reckon. [Update: Oo er. Maybe it IS legit! See comments.]

– P