FireEye's blog post last week about phishing emails using the IcedID infection chain has an interesting image explaining this concept:
This is a sophisticated phishing setup and thus it behooves us to review this carefully.
If you notice, the initial phishing email, when opened, has several embedded items as well as a password mechanism intended to bypass anti-virus and other defensive controls.
The end result for the hacker is backdoor access to the victim host, which can then be used for a variety of goals.
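As an added example (not code from the FireEye post or this blog), here is a Python check a mail gateway or analyst could run to flag the pattern described above: a ZIP attachment whose entries are encrypted, so no content scan was possible. The message, addresses and archive are constructed placeholders built inline.

```python
import email
import io
import struct
import zipfile
from email import policy
from email.message import EmailMessage

ENC_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag: the entry is encrypted


def make_encrypted_zip_sample(name: str, payload: bytes) -> bytes:
    # Constructed sample archive. The stdlib cannot write encrypted ZIPs, so the
    # flag bit is set by hand in the local header (offset 6) and central directory (offset 8).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        p = data.find(sig) + off
        data[p:p + 2] = struct.pack("<H", struct.unpack("<H", data[p:p + 2])[0] | ENC_FLAG)
    return bytes(data)


def build_sample_eml() -> bytes:
    # Constructed phishing-style message (placeholder addresses): password in the body,
    # "document" delivered inside an encrypted ZIP that a gateway scanner cannot open.
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Your invoice is attached. Archive password: 2021")
    msg.add_attachment(make_encrypted_zip_sample("invoice.doc", b"placeholder"),
                       maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


def find_encrypted_zip_attachments(raw: bytes) -> list:
    # Names of attached ZIPs with encrypted entries (or unparseable ones); both are
    # candidates for quarantine because no content scan was possible.
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True) or b""
        if not blob.startswith(b"PK\x03\x04"):
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                if any(i.flag_bits & ENC_FLAG for i in zf.infolist()):
                    hits.append(name)
        except zipfile.BadZipFile:
            hits.append(name + " (malformed zip)")
    return hits
```

Running `find_encrypted_zip_attachments(build_sample_eml())` returns `["invoice.zip"]`; the same check on a message without attachments returns an empty list.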
These hackers may sell the access to a ransomware operator, who will then try to download ransomware onto your computer or device. Criminal hackers are becoming more sophisticated and scope out the environment before creating the ransom demand: they want to know how much money they can extract. It is no longer enough to ask for $300 from 1,000 people or devices.
You have to develop a systematic method to thwart these sophisticated actors.
You must have a security policy to systematically create a defensive environment, and my book, coming in a few weeks, will get you on your way down this path: https://oversitesentry.com/book-email-list/