At Runbox, we work hard to keep your inbox safe. But phishing attacks are growing more sophisticated with AI-generated content and QR-based attacks, and it’s crucial that you know how to spot them. Here’s what you need to know to protect your account and your information.
🛑 What Is Phishing?
Phishing emails are a type of scam where attackers send emails pretending to be trusted services such as Runbox. The main goal is to trick you into giving up your login info – your username and password – so attackers can access your account. Often, they do this by sending urgent messages to lure you in. They might:
Pretend to be from Runbox
Urge you to “verify your account” or “avoid deactivation”
Link to a fake login page that looks legitimate – but isn’t
Include malicious attachments or QR codes
🔍 Watch Out for Fake Login Pages
One of the most common phishing tricks is to link you to a login page that looks similar to the real Runbox login page – but it isn’t. Always check the URL carefully. If it doesn’t start with https://runbox.com, it’s not us.
Fake pages may copy our layout but can have small differences, like:
Slightly different colors or fonts
Strange login page with incorrect or poor quality logo
A strange or misspelled URL (web address)
Missing security indicators (like the padlock icon in your browser)
👀 How to Spot a Phishing Email
Check the sender address: Genuine Runbox emails always come from @runbox.com.
Look closely at links: Hover before clicking. If it doesn’t point to runbox.com, don’t trust it.
Be cautious with urgency: Phrases like “act now” or “account deactivated” are designed to pressure you. Runbox will never ask you to act urgently or threaten to suspend your account without warning.
Watch for generic greetings: We always address you by name — never “Dear customer”.
Review the formatting: Bad grammar, odd formatting, or off-brand visuals are red flags.
🔐 What You Can Do
Never enter your Runbox password anywhere except at https://runbox.com.
Use Two-Factor Authentication (2FA) to protect your account — available in your account settings.
Avoid scanning QR codes in emails unless you trust the sender completely.
Phishing attacks are evolving fast – scammers are using AI to create convincing messages that bypass traditional filters. At Runbox, we’re continuously improving our detection tools, but your vigilance is key.
If something doesn’t feel right, don’t click — contact us. Thank you for helping us keep Runbox safe and secure for everyone.
In today’s digital world, email phishing scams are one of the most common and dangerous threats to individuals and businesses. These deceptive emails attempt to trick recipients into revealing personal information, clicking on malicious links, or downloading harmful attachments. Phishing attacks can lead to identity theft, financial loss, and even security breaches for organizations. For Runbox users, these scams can specifically target your email account and compromise your sensitive data. But by staying vigilant and following a few key practices, you can protect yourself from these scams.
Suddenly you are noticing strange things happening with your email. You’re receiving email messages about login attempts, password resets and two-factor authentication codes, and your friends and family are wondering why you’re sending them weird emails. You can’t even log in to your own email account and you’ve been bumped out of your social media accounts. What is going on? Your email might have been hacked.
Don’t panic… but act quickly. You can minimize a lot of damage if you act fast and methodically. Because your email is a gateway to all your online accounts, like banking, shopping, social media and streaming, it can potentially be a goldmine for a cyber criminal if they gain access. Here’s what you can do.
There’s an uptick in phishing emails again. Here’s a refresher.
In the past few weeks there have been a series of phishing attacks aimed at a small subset of Runbox customers. The goal of these scams is to trick unsuspecting email users into clicking on malicious web links and entering their Runbox username and password, enabling the scammers to steal their password.
At Runbox we are constantly on guard against phishing attacks against our customers, and here we take a closer look at this increasing problem and some simple steps you can take to protect yourself.
As a summary, ensure that you check:
The From address. Phishing messages almost always come from a random email address that does not match our list of Official Runbox Email Addresses.
The message addresses you by name. Scammers typically only have lists of email addresses without any first or last names, so if the message does not address you by your first and last name it is likely to be a scam.
The legitimacy of any email with links. Check where the link will actually take you. Hover over it with your mouse, and you can see whether it will in fact take you to some random address not associated with Runbox at all.
Any false urgency. Runbox will never pressure you to act suddenly. Scammers may try to create a sense of urgency to persuade you to do what they’re asking.
What is phishing?
Example of a recent phishing message
Phishing is a type of cyber attack in which an attacker attempts to obtain sensitive information such as usernames, passwords, or credit card details by posing as a trustworthy entity via email messages.
The word “phishing” is derived from fishing and refers to using lures to “fish” for sensitive information. Phishing attacks typically use social engineering to gain a victim’s trust, and use spoofing such as faking an email address or URL to make the attack appear legitimate.
When phishing attacks are targeted at certain services or individuals it’s called “spear phishing”, and in this case they appear to be sent from Runbox Support, the Runbox Team, or other similar official sounding names.
Email users who are unfortunate enough to receive a spear phishing message and end up divulging their Runbox login details can end up having their Runbox accounts hijacked and used to send spam, which then forces us to suspend the accounts until the customer can regain access.
With access to an email user’s account the attackers may then be able to access their personal information and use it to commit fraud or identity theft, which can in turn result in financial loss or worse.
Naturally such account hijacking causes much confusion for the affected customers in addition to the privacy intrusion and consequences for the recipients of the spam being sent, which is often another phishing scam. The phishing then continues to cascade to new groups of innocent users of other email services, while exploiting people’s trust and rarely being caught.
It is important to understand that these scammers are criminals, and that being tricked into disclosing any login details can have serious consequences.
How to spot phishing
The easiest way to see whether a message is in fact from Runbox is to check the From address, as phishing emails almost always come from a random email address not on any Runbox domain names such as runbox.com.
Another important clue is whether the email addresses you by name, or whichever name you have entered in your Runbox Account details. Attackers typically only have lists of email addresses without any first or last names, so if the message does not address you by name it is likely to be a scam.
The third way to check the legitimacy of any email which asks you to click on a link, is to check where the link will actually take you. Some phishing links look like they link to a Runbox web page, but if you hover over it with your mouse, you can see that it will in fact take you to some random address not associated with Runbox at all.
If in doubt, go to our main website Runbox at https://runbox.com for information, or contact us via Runbox Support at https://support.runbox.com.
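The From-address check and the link-destination check described above can also be run over a raw message. The Python below is an added example, not Runbox code: the names `check_message`, `host_is_trusted` and `TRUSTED`, the `.example` hosts, and the choice to accept subdomains of runbox.com are assumptions made for illustration. A From header can be forged, so passing the first check does not by itself prove a message is genuine.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "runbox.com"  # domain named on the page; accepting subdomains is an assumption

def host_is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):  # raw: one RFC 5322 message as text; returns a list of findings
    msg, findings = message_from_string(raw), []
    addr = parseaddr(msg.get("From", ""))[1]
    if not host_is_trusted(addr.rpartition("@")[2]):
        findings.append(f"From address is not on {TRUSTED}: {addr}")
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        url = urlsplit(href)  # hostname ignores any "user@" prefix in the URL
        if url.hostname and (url.scheme != "https" or not host_is_trusted(url.hostname)):
            findings.append(f"link shown as {text!r} goes to {href}")
    return findings

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """\
From: "RUNBOX HELPDESK" <helpdesk@mail-notice.example>
Content-Type: text/html; charset="utf-8"

<a href="https://runbox.com.account-verify.example/login">https://runbox.com/login</a>
<a href="https://support.runbox.com/">Runbox Support</a>
"""
```

The comparison is made on the parsed hostname rather than on the link text or a substring match, which is why a host that merely begins with "runbox.com." is still reported.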
Do not be fooled or threatened by the scams
Most phishing emails have a very urgent and even threatening tone, trying to scare the recipient into acting right away to avoid having their account shut down or disrupted.
The scammers might even read our blog or other web pages and notice that we have two webmail versions, and subsequently send messages claiming that if you don’t switch to the newer version within X days, then your account will be shut down, for instance.
Legitimate messages from the Runbox Team will always give notice about something happening in the future, or optional new features.
Catching the scammers
We are constantly working to improve our defenses against phishing attacks, spam, and viruses, and we take immediate action to remove spear phishing messages as soon as we become aware of an attack.
If you have received any scam emails like the ones described above without responding in any way then your account is perfectly safe. We do however appreciate you notifying us via Runbox Support at https://support.runbox.com so that we can take steps to protect you and our other customers against the attack.
If you receive messages with the subject “ATTN: RUNBOX ACCOUNT USER” that appear to have been sent from “RUNBOX HELPDESK”, please delete them.
We are deleting all the instances of these messages we can find on the Runbox servers, but we might miss some.
These messages are not sent from Runbox staff and are an attempt to trick Runbox customers into entering their login information at malicious websites.
For more information about phishing, please see the Phishing section of this article.
If you receive a message with the subject “Dear Runbox User” or “RUNBOX.COM” (or similar) which asks you for your Runbox username and password, or asks you to click on a suspicious link, then please delete the message. We are deleting all the instances of this message we can find in Runbox accounts, but we might miss some.
These messages are not sent from Runbox staff and are an attempt to trick Runbox customers into entering their login information at a malicious website.
When Runbox contacts you we will always address you by your name, and we will never ask you for your login details.
For more information about phishing, please see the Phishing section of this article.