Phishers sometimes use the evil twin Wi-Fi attack by standing up a Wi-Fi access point and advertising it with a deceptive name that is similar to a legitimate access point.
Interactive security awareness training aids, such as Wombat Security Technologies' Anti-Phishing Training Suite or PhishMe, can help teach employees how to avoid phishing traps, while sites like FraudWatch International and MillerSmiles publish the latest phishing email subject lines that are circulating the internet.
With all that positive stuff, there has to come the negative. In this case, the attackers leverage their control of one system to pivot within an organization using email messages from a trusted sender known to the victims.
Zechariah Phishing is quite simple and newer technology is only making it easier. This often makes use of open redirect and XSS vulnerabilities in the third-party application websites. These breaches were commonly from Work-related phishing scams These are especially alarming, as this type of scam can be very personalized and hard to spot.