They research the company to identify the targets they can impersonate to the level of mimicking the speech patterns of the individual in phone calls.

By doing so, they trick technical administrators into performing password resets and reset multi-factor authentication (MFA) methods.

Other methods for initial access include:

• tricking the target into installing remote monitoring and management software • stealing the logins through phishing sites • buying credentials or session tokens from other cybercriminals • SMS phishing employees with links to fake login portals that capture the credentials • SIM-swapping or call forwarding • Direct threats of violence