Hacker News

We are all grandma.



I've had coworkers, and so has my spouse, who have fallen for the "iTunes gift cards for the CEO" trick. I think grandma is no longer an accurate stand-in for a tech-unsavvy person who is vulnerable to spearphishing attempts.


I get about 10 emails per week from my "CEO" to pay an invoice. I've even gotten a few text messages. Oddly, the emails never have an attachment. Is this because Google (Workspace account) is removing it?

I've always wondered if it is 10 different orgs doing the campaigns, or the same one. If the same one, why send 10?


This is somehow not considered to be an active warzone when it clearly is. The slightest misstep could ruin your life.


> I've always wondered if it is 10 different orgs doing the campaigns, or the same one. If the same one, why send 10?

My bet is that one criminal group is selling software to enable this, with very similar default settings. Then ten groups buy the software, and each one ends up sending you a very similar email.


I would argue that pretty much everyone could be socially engineered into dropping their guard for a moment.



