As part of our ongoing commitment to keeping your Box experience safe and trustworthy, we’ve recently made several enhancements to detect and prevent phishing attempts sent through Box notifications and collaboration invites. Recently, malicious actors have used new methods to send deceptive invitations. To strengthen protection, Box has enhanced its detection and monitoring systems to identify and block these attempts before they reach users.
What’s new
- Smarter phishing detection for notifications – Box has enhanced the pattern matching algorithm to detect the latest malicious messaging, such as urgent payment requests or suspicious contact details. This helps stop harmful content before it is delivered.
- Behavior-based monitoring – We’ve added continuous monitoring that detects unusual sending activity from new or untrusted accounts, and alerts our on-call security team for immediate action.
- Rapid response tools – Box can now instantly block notification traffic that show signs of abuse.
- Enhanced visibility and alerting – Internal dashboards and metrics provide real-time insight into potential phishing activity.
- Clearer sender identification in invites – Box invites now make it easier to confirm who sent the invitation, with the sender’s email address included in the message body, helping users verify legitimate collaboration requests.
These protections operate automatically and do not change how you use Box. Our goal is to ensure that legitimate collaboration continues seamlessly while protecting you from emerging threats.
Ongoing commitment
We’ll continue refining these safeguards as attacker techniques evolve. As always, we encourage all users to stay aware and vigilant in protecting themselves against phishing attempts.
Best practices:
- Never click links in suspicious or unexpected emails. Always verify the sender before opening shared content.
- Report suspicious messages directly through your Box admin or support channels.
- Visit the Box Trust Center for the latest information about our security and compliance practices.
Your security and trust remain our highest priorities.