I have written a lot about the fact that many cyber attacks include an element of social engineering, to tease the victim into lowering their guard and doing what the threat actor wants.
Here is an excellent example of that, described by Xavier Mertens on SANS Internet Storm, where the threat actors are using the victim’s own corporate logos to convince them the actions are legitimate.
Phishing Page Branded with Your Corporate Website – SANS Internet Storm Centre
Training and clear policies and procedures are you best defences against this type of attack.
Clive Catton MSc (Cyber Security) – by-line and other articles