A growing threat targeting the enterprise are phishing scams targeting users from compromised email accounts in the same organization. This type of attack is called lateral phishing as it is conducted from an email address within, rather than outside, the organization. Researchers found that the majority pretended to be either alerts stating there was a problem with the recipient’s email account or a link to a shared document. The most sophisticated approach involved highly targeted content that was specific to the hijacked account s organization. The best prevention tactic is to protect the accounts from being hacked in the first place.
Source: https://www.bleepingcomputer.com/news/security/lateral-phishing-attacks-a-growing-threat-to-the-enterprise/