Malware-Free Phishing Campaign Targets Professional Emails with Fake PDF Order Requests

A malware-free phishing campaign is targeting professional email accounts by tricking employees into viewing "order requests" disguised as fake PDFs. Attackers use lures to steal victims' Dropbox credentials. The technique relies on fraudulent emails that redirect users to counterfeit Dropbox authentication pages, avoiding traditional malicious payloads. The primary impact is cloud credential theft, which could lead to unauthorized access to sensitive data stored on the platform. No details are provided about the campaign's active period or targeted sectors.