At Runbox, we work hard to keep your inbox safe. But phishing attacks are growing more sophisticated with AI-generated content and QR-based attacks, and it’s crucial that you know how to spot them. Here’s what you need to know to protect your account and your information.

🛑 What Is Phishing?
Phishing emails are a type of scam where attackers send emails pretending to be trusted services such as Runbox. The main goal is to trick you into giving up your login info – your username and password – so attackers can access your account. Often, they do this by sending urgent messages to lure you in. They might:
- Pretend to be from Runbox
- Urge you to “verify your account” or “avoid deactivation”
- Link to a fake login page that looks legitimate – but isn’t
- Include malicious attachments or QR codes
🔍 Watch Out for Fake Login Pages
One of the most common phishing tricks is to link you to a login page that looks similar to the real Runbox login page – but it isn’t. Always check the URL carefully. If it doesn’t start with https://runbox.com, it’s not us.
Fake pages may copy our layout but can have small differences, like:
- Slightly different colors or fonts
- Strange login page with incorrect or poor quality logo
- A strange or misspelled URL (web address)
- Missing security indicators (like the padlock icon in your browser)

👀 How to Spot a Phishing Email
- Check the sender address: Genuine Runbox emails always come from @runbox.com.
- Look closely at links: Hover before clicking. If it doesn’t point to runbox.com, don’t trust it.
- Be cautious with urgency: Phrases like “act now” or “account deactivated” are designed to pressure you. Runbox will never ask you to act urgently or threaten to suspend your account without warning.
- Watch for generic greetings: We always address you by name — never “Dear customer”.
- Review the formatting: Bad grammar, odd formatting, or off-brand visuals are red flags.
🔐 What You Can Do
- Never enter your Runbox password anywhere except at https://runbox.com.
- Use Two-Factor Authentication (2FA) to protect your account — available in your account settings.
- Avoid scanning QR codes in emails unless you trust the sender completely.
- Report phishing: Forward suspicious messages to support@nullrunbox.com.
⚠️ A Final Reminder
Phishing attacks are evolving fast – scammers are using AI to create convincing messages that bypass traditional filters. At Runbox, we’re continuously improving our detection tools, but your vigilance is key.
If something doesn’t feel right, don’t click — contact us. Thank you for helping us keep Runbox safe and secure for everyone.