From our friends at KnowBe4. It appears a new phishing attack has a 90% success rate, and is very super simple. No real sophistication here.
(copied and pasted with permission, but I have added the links for definition purposes):
“There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legit.
“Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but it is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into our network.
Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites. And as always…. Think before You Click!”