DENY ATTACKERS THEIR WISH, SQUISH THAT PHISH!

1. Creating a sense of urgency, which pressurizes the victim to click on the link or open the attachment due to a perceived impending deadline

2. Posing as a senior official of the organization in an attempt to lower the victim's guard and make them more compliant

3. Luring the victim with a promise of significant benefits such as rewards, profits, amazing discounts or memberships

4. Creating a perceived threat that ignoring the email SMS or delaying its recommended action will cause great financial loss or grievous damage to the victim or their organization

5. Spearphishing - Attackers perform social engineering to create convincing themes to target specific officials based on their google searches, cookies and social media posts. e.g. an amazing offer on mobile phone for someone searching for a new phone, a vacation deal or school admission for someone with the same in their search history
Using current developments and imposing themes as topics for their campaigns eg. COVID-19 themes such as new cure, new variant, or Income tax related themes in tax-filing season