Phishing: Spearphishing via Service
In this scenario, adversaries send messages through social media services, personal webmail, and other non-enterprise controlled services. These services are more likely to have less-strict security policy than an enterprise. As with most kinds of spearphishing, the goal is to generate rapport with the target or get the target's interest in some way. Adversaries will create fake social media accounts and message employees for potential job opportunities. Doing so allows a plausible reason for asking about services, policies, and software that's running in an environment. The adversary can then send malicious links or attachments through these services.