The question is no longer if you will be breached, but when, it’s when. Cybercriminals need a single click from any of the countless emails theyve sent to various employees in order to gain entry to one endpoint within the network. They use personal information such as name, job title and shopping preferences to craft the perfect phishing email unsuspecting victims will assume is legitimate. The average consumer may not be aware of whether this is a scam or a legitimate email from their financial institution it is that well-orchestrated.”]
Source: https://securityintelligence.com/gone-phishing-how-to-prevent-sophisticated-attacks/