Researchers analyzed a phishing campaign that uses legitimate links to bypass detection. The initial email is generated when the attacker shares a file with the target user via Dropbox Transfer. The filename uses a purchase order theme to socially engineer the victim. Clicking the link to view the shared file takes the user to a download prompt on the Dropbox Transfer website. If the user falls for the lure and downloads the file, an HTML file is saved to the system. Opening this file leads the victim to a fake Microsoft login page hosted on Weebly, a free website builder, once again using a legitimate resource to avoid detection. Submitting credentials redirects the user to the legitimate Microsoft Office webpage and likely exfiltrates the entered data to the attacker.
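
One way to triage a downloaded HTML file of the kind described above, as an added example that is not from the researchers' report: it collects every place the file can send a browser (links, form actions, meta refresh, URLs inside scripts) and flags hosts on a free site-builder domain. The watch list, the function names and the sample markup are assumptions constructed for illustration; the page does not say how the HTML file reaches the Weebly page.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: watch list of free site-builder suffixes; the page names only Weebly.
WATCHED_SUFFIXES = ("weebly.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>\\)]+", re.I)

class _TargetCollector(HTMLParser):
    """Collects (source, url) pairs for every place the file can send a browser."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.targets, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(("meta-refresh", m.group(1).strip()))
        for name in ("href", "src", "action"):
            if a.get(name, "").lower().startswith(("http://", "https://")):
                self.targets.append((f"{tag}[{name}]", a[name]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # URLs assigned to location, fetch targets, etc.
            self.targets += [("script", u) for u in URL_RE.findall(data)]

def triage_html(html_text):
    """Return sorted (source, host) findings whose host is on a watched suffix."""
    c = _TargetCollector()
    c.feed(html_text)
    c.close()
    hits = set()
    for source, url in c.targets:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        # Exact or dot-anchored match, so "notweebly.com" is not flagged.
        if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
            hits.add((source, host))
    return sorted(hits)

# Constructed sample, not taken from the campaign.
SAMPLE = ('<html><head><meta http-equiv="refresh" content="0; url=https://constructed-sample.weebly.com/">'
          '</head><body><a href="https://www.microsoft.com/">Sign in</a>'
          '<script>window.location.href="https://constructed-sample.weebly.com/login";</script></body></html>')
```

A hit is a triage signal rather than a verdict, since legitimate sites are also hosted on such builders; it is most useful for HTML files that arrived through a file-sharing download.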