5: Stages of a phishing attack
- Phase 1: Threat actor targets employee(s) via phishing campaign
- Phase 2: An employee opens the attack email which allows the threat
actor access to load the malicious payload or compromise the user
identity - Phase 3: The workstation is compromised, threat actor persists malware, threat actor gathers credentials
- Phase 4: Threat actors use stolen credentials to move laterally and
gain unsolicited access and compromise key infrastructure elements - Phase 5: Threat actors exfiltrate PII and other sensitive business data
There is a great article on this topic here