Even as they become ever more stealthy with AI-driven tools, threat actors are not giving up on simple, tried-and-true phishing — because it still works. According to new research, attackers are still making mischief with PDFs, the old business standby, and are exploiting growing trust in services like Dropbox. Forcepoint’s X-Labs team has uncovered a multi-stage phishing campaign that exploits PDF files and Dropbox storage through a layered redirection attack. After clicking on what looks like a legitimate PDF, victims are rerouted to a Dropbox logon impersonation page designed to harvest their credentials for internal access, account takeover, or other fraud. “This is a perfect example of ...