
Introduction Imagine receiving an urgent email from the HR department about a salary amendment, complete with a familiar OneDrive link to access the document, which appears legitimate and personalized with your name and company details. Behind this façade, however, lies a meticulously crafted trap designed to steal corporate credentials. This scenario is at the heart of a sophisticated spear-phishing campaign