Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins

A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.

If you have ever received a boring email about a business contract or a ‘request order,’ you might have clicked it without thinking twice. But a new report suggests that these routine messages are now part of a planned scam.

Cybersecurity researchers at Forcepoint have discovered a new phishing scam in which attackers are using a “multi-stage” process to stay invisible and achieve their true goal of stealing your login details.

Most email scams are caught by filters because they contain malicious links or viruses. This one is different. It starts with a professional-looking email, usually about a “tender” or “procurement” deal. The email itself is completely clean. It relies on a PDF attachment to do the dirty work.

According to X-Labs’ investigation, shared with Hackread.com, these ...