Recent analysis from Darktrace has emphasized the importance of reminding users that malicious emails often look like they are sent from legitimate sources. In this case, a recent phishing campaign leveraged legitimate Dropbox infrastructure and bypassed multifactor authentication (MFA) allowing attackers to access sensitive information. Slightly more surprising than usual, these attackers sent reminder emails to the victims to access the previously shared pdf.
Members are encouraged to regularly remind users about current threat campaigns that mimic legitimate services and what to watch out for when these messages land in their inboxes. For more details, access Infosecurity Magazine.