Hi,
There is some evidence that an actual link from dropbox, sent from no-reply@dropbox.com, with right domain and certificate, was related to an attack attempt and I would like some opinions.
The behavior is weird. It was shared with a list of people and asks for credentials, but any password, right or wrong, asks for a MFA code.
Is that normal? Why would it ask for MFA code after wrong passwords?
Any help is appreciated.
Thanks