Because for the effort the threat actors put in, the returns can be very high, so it is worth their while sending out billions of malicious messages to see who they can catch. It could be you…
Now in the age of online “as-s-service” software, it has become even easier for the threat actor “wanna bees” to get into spamming and phishing.
Introducing the phishing-as-a-service (PhaaS) platform “Caffeine”:
Caffeine service lets anyone launch Microsoft 365 phishing attacks (bleepingcomputer.com)
Clive Catton MSc (Cyber Security) – by-line and other articles