How do you know if a message is legitimate? It’s not always obvious, but there are ways to suss out the scams. Tap or click here for five subtle clues that email is really a clever phishing scam. Scammers often impersonate well-known companies and services to gain your trust. One recent scam involves Dropbox, which is used by millions. Here’s what to look out for.

Here’s the backstory

Dropbox is a file-hosting service that countless people and businesses use to upload and share files. It also offers cloud services. With over 700 million users, it’s one of the most popular services. This, unfortunately, makes Dropbox a prime target for scammers and hackers. They’ll use it to steal email addresses, passwords, payment info and other sensitive information. If that’s not bad enough, cybercriminals try to upload malware and viruses. RELATED: Top 3 holiday scams you and your loved ones need to know about We found an example of one Dropbox scam that came to us via email. The message inside said, “A private Document was shared with DropBox by contact in your address book.” Hmm, we already spotted an error with grammar. Below the message was a link labeled View. Just hovering the mouse over the link showed a very suspicious, nonsensical URL that did not link to any Dropbox page. Well, we clicked it so we could get a screenshot for you, and here it is: On the right are links to various email services. On the left is a box with instructions: “To view document select yor email provider at right and login with email address.” There’s also a line about selecting “other emails if your email provider not in the right.” There’s a lot to unpack here. Let’s go over the red flags:

The URL is a string of random letters and numbers. It doesn’t include Dropbox.The grammar and spelling are terrible. There’s no option for “other emails.”None of the links work on the bottom right (About, Help).

Any one of these issues is a sure sign of a scam. If you open one of the email links and enter your login credentials, you’ll be handing them over to crooks. Also, clicking a link or pop-up window could trigger a malware installation.

How to stay safe

Here’s a good golden rule: Never open a link or download a file from someone you don’t know, even if the red flags aren’t there. Here are some more ways to avoid getting scammed or hacked:

Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.Use strong, unique passwords — Tap or click here for an easy way to follow this step with password managers.Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

If you get an email with this phone number, don’t call! It’s a money-stealing scam That’s not the FBI on the phone, but here’s how scammers will scare you