Businesses around the world might differ in operating industry, sector, and geographic location. However, almost all businesses are united in the suffering of phishing attacks targeting their users. Such attacks could be easy to spot by tech-savvy users. Nevertheless, a sophisticated phishing attack could even trick trained users, posing a critical threat and forming a great chance for threat actors to achieve their goals. Moreover, one of the most interesting elements is the variation of the targets, as some users were observed to receive a large volume of phishing emails, while others are receiving a relatively less amount. This advisory aims to uncover the most used techniques by threat actors to obtain the email addresses of the organization’s users to initiate the phishing campaign.
