"the attack should not be vastly difficult to defend" (against)
Certainly not if you check the link before clicking on it and know who it is you work with.
I also imagine that the sender name is spoofed and that there are a number of ways to detect that the mail is not legit rather than seeing a logo that looks familiar and deciding to blindly trust the mail content.
For Pete's sake, how is it that people are still falling for crap like this after decades of mail spam ?
Biting the hand that feeds IT
