When will people learn that nobody sends you an attachment without even knowing you?
Threat researcher Joey Chen of Sentinel Labs says he's spotted a decade's worth of cyber attacks he's happy to attribute to a single Chinese gang. Chen has named the group Aoqin Dragon, says its goal is espionage, and that it prefers targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. The gang is fond of attacks …
Sophisticated scammers seem to look at your activity and personalize the "hook". A friend of mine was travelling in Spain and Portugal recently and was sending me photos through email. I got an email that appeared to be from him with a link that said it was an overlooked photo. The email wasn't the usual form of those from my friend, and the link was to something in Iceland.
Why do they need to know? After all, if you work on X or are involved in the Y department, there are possible generic hooks they can use. Otherwise they might use the p0rn method or a possible side interest; they do not care what they send out. Like the telephone scammers or text scammers who pepper the world with grapeshot of pure rubbish, hoping that the right fish will swallow the lure.
If you have "attachment preview" turned on in your email client, you could be toast without even being aware there's a problem.
Ultimately, it's the now long-established blurring of distinctions between:
[a] code and data
[b] local and remote access
plus an insistence on 'convenience' that have enabled this whole disaster.
[quote]...Aoqin Dragon's method of using malicious Microsoft Word documents also relies on users not doing the right thing and either patching or upgrading their apps to safe editions.[/quote]
Alternatively they can rely on Microsoft not actually fixing the vulnerability...
That's generally a virus and not a malicious actor. A malicious actor will take the time to try and fool you. Automated crap is, like you say, much easier to spot.
I manage email security at a company and see it all. The most annoying ones are using services like SendGrid and Salesforce, but getting them shut down/interrupted is also satisfying, which they do fast when reported.
Using custom strings to filter is a big help: regex entries to block all bitcoin key emails, keywords to block (much more detailed, but for example) "Kindly do the needful", or the scammers' phone numbers, or a sentence they use regularly. I also get satisfaction out of permanently blocking IP subnets when not in our business region of the world. :)
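The filter strategy in the comment above (regex for bitcoin addresses, recurring scam phrases and call-back numbers, and sender subnets outside the business region), as an added example that is not from the original thread or the commenter's own mail gateway. The rule set, the sample messages, the phone number and the CIDR ranges are all constructed for illustration; real gateways (Exchange transport rules, Postfix header/body checks, a milter) express the same checks in their own syntax.

```python
import ipaddress
import re

# Hypothetical rule set modelled on the filtering approach in the comment above.
# Bitcoin address shapes: legacy base58 (starts with 1 or 3) and bech32 (bc1...).
# Base58 deliberately excludes 0, O, I and l, which the character class reflects.
BITCOIN_PATTERNS = [
    re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),   # P2PKH / P2SH, base58
    re.compile(r"\bbc1[ac-hj-np-z02-9]{11,71}\b"),        # bech32 / bech32m, lowercase form
]

# Phrases and numbers that keep reappearing in scam mail (constructed examples).
KEYWORD_PATTERNS = [
    re.compile(r"kindly do the needful", re.IGNORECASE),
    re.compile(r"\+1[ -]?555[ -]?0199"),   # hypothetical scammer call-back number
]

# Subnets outside the business region that are dropped outright (constructed CIDR).
BLOCKED_SUBNETS = [ipaddress.ip_network("192.0.2.0/24")]


def matched_rules(msg):
    """Return the names of every rule the message trips, in a fixed order.

    msg is a dict with optional 'subject', 'body' and 'sender_ip' keys; the
    sender IP would normally come from the connecting MTA, not a Received header
    the sender can forge.
    """
    text = f"{msg.get('subject', '')}\n{msg.get('body', '')}"
    hits = []
    if any(p.search(text) for p in BITCOIN_PATTERNS):
        hits.append("bitcoin_address")
    if any(p.search(text) for p in KEYWORD_PATTERNS):
        hits.append("scam_phrase")
    ip = msg.get("sender_ip")
    if ip:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append("bad_sender_ip")   # unparsable address: treat as suspicious
        else:
            if any(addr in net for net in BLOCKED_SUBNETS):
                hits.append("blocked_subnet")
    return hits


def verdict(msg):
    """'block' if any rule fires, otherwise 'allow'."""
    return "block" if matched_rules(msg) else "allow"


# Constructed sample messages; addresses below are syntactically valid but not real targets.
SAMPLE_MESSAGES = {
    "extortion": {
        "sender_ip": "198.51.100.7",
        "subject": "Your webcam",
        "body": "Send 0.5 BTC to 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 within 48 hours.",
    },
    "extortion_bech32": {
        "sender_ip": "198.51.100.7",
        "subject": "Last warning",
        "body": "send 0.1 BTC to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq",
    },
    "needful": {
        "sender_ip": "198.51.100.9",
        "subject": "Invoice overdue",
        "body": "Kindly do the needful and update your payment details, or call +1-555-0199 now.",
    },
    "offshore": {
        "sender_ip": "192.0.2.44",
        "subject": "Partnership proposal",
        "body": "We would like to discuss a business opportunity.",
    },
    "legit": {
        "sender_ip": "203.0.113.5",
        "subject": "Invoice 1234 attached",
        "body": "See you at 3pm for the review.",
    },
}

if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        print(f"{name:18} {verdict(msg):5} {matched_rules(msg)}")
```

The phrase list is the part that needs the most care: a rule like the base58 pattern is tight enough to stay quiet on normal mail, but short keywords will hit legitimate traffic, so each new string is worth running against a sample of recent good mail before it goes live.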