Phishing has evolved far beyond the obvious “you’ve won a prize” scams of the past. Today, attackers send highly convincing emails that appear to come from people you know, making them look legitimate at first glance.
Cybercriminals now rely on trust, realism, and subtle social engineering rather than crude tactics. Their messages are designed to look routine, urgent, or simply part of everyday business – which is exactly why they’re so effective.
Compromised accounts: the starting point for many attacks ⚠️
One of the biggest shifts in phishing is the use of compromised legitimate accounts. When attackers gain access to a real user’s inbox, they don’t immediately reveal themselves. Instead, they often:
1️⃣ Observe communication patterns
2️⃣ Read recent message threads
3️⃣ Identify roles, suppliers, and frequent contacts
4️⃣ Learn how the user writes and signs emails
Once they understand the context, attackers send new emails from the compromised account, meaning the message comes from a real person, using a real email address, in a tone that feels normal. This instantly increases trust and dramatically raises the likelihood that the recipient will click.
What do attackers do with stolen credentials? 🪪
Access emails, messages and cloud files
- This allows them to gather sensitive information or prepare further attacks.
Send phishing emails to colleagues or clients
- Using your account makes the next wave of attacks look even more legitimate.
Attempt invoice or payment fraud
- Attackers often manipulate ongoing financial conversations.
Move deeper into the organisation
- With access to one account, attackers may attempt to escalate privileges or compromise additional systems.
How to Protect Yourself 🛡️
Modern phishing is subtle, but there are still signs that something isn’t right. Take a moment to think:
1️⃣ Were you expecting this email or file?
2️⃣ Does the request feel unusual or out of context?
3️⃣ Is the link pointing to a trusted domain?
4️⃣ Is the sender behaving in a way that matches their normal communication style?
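For teams that want to automate check 3️⃣, here is an added example (not part of the original article) that pulls every link out of an HTML email body and flags those whose real destination host falls outside a trusted list. The trusted domains, the sample email, and all function names are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains your organisation actually uses (constructed values).
TRUSTED_DOMAINS = {"example.com", "example.org"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Destination host as the browser sees it: no userinfo, port or trailing dot."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".")

def is_trusted(host):
    # Exact domain or a dot-separated subdomain; never a substring or bare suffix match.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def review_links(html_body):
    """Return (host, reason) for each web link that leaves the trusted domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if urlsplit(href.strip()).scheme not in ("http", "https") or is_trusted(host):
            continue
        # If the visible text itself looks like a URL, compare the host it shows.
        looks_like_url = "." in text and " " not in text
        shown = host_of(text if "//" in text else "//" + text) if looks_like_url else ""
        reason = f"text shows {shown}, link goes elsewhere" if shown and shown != host else "untrusted destination"
        findings.append((host, reason))
    return findings

SAMPLE = (  # constructed email body, not a real message
    '<a href="https://portal.example.com/invoices/42">Open invoice</a>'
    '<a href="https://example.com.files-share.test/login">example.com/login</a>'
    '<a href="https://example.com@files-share.test/doc">View document</a>'
    '<a href="https://notexample.com/pay">Pay now</a>')
```

Because the email may come from a genuinely compromised colleague, a clean sender address says nothing about the links; only the destination host does.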