Many attackers use a phishing attack, convincing employees to give up credentials, and then take advantage of weak or default passwords on remote services to gain initial access to the network.
The engagement team sends email requests for information that appear to come from a legitimate source. Through the use of a false “from” address, and sophisticated stylistic touches (e.g. logos and professional looking graphics), phishing emails have the genuine look and feel of a message that recipients might expect to receive from a person or a company with whom they do business.
Typically, the message requests the recipient to verify or reconfirm confidential personal information such as account numbers, user names, passwords, and other sensitive information.