The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, an Internal Employee, or a trusted External Partner/Vendor. In the case of a Vendor Account Compromise, the attackers will leverage a compromised vendor account to launch their attack. The delivery may contain a non-malicious attachment, but many successful attacks now leverage only simple requests in the email body.