Macnair adds that only one employee has to fall for a phishing email for the entire organization to be placed at risk. Once the attackers have gained access to one email account, they can use it to launch more convincing attacks against other employees.
Macnair recommends a combination of training and technology to thwart these attacks. He says employee education needs to include the new techniques that attackers are using. New-school security awareness training can provide your employees with the knowledge they need to avoid falling for these attacks.
UK Fundraising has the story: https://fundraising.co.uk/2019/11/01/how-charities-can-protect-themselves-against-phishing-scams/