As the frequency & severity of cyber-security attacks are increasing, the FBI has developed excellent documentation and diagrams releated to how these threats evolve over time.  They begin with a discovery process, followed by targeted attacks, that can lead to compromised systems.

https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise

Since 2013, when the FBI began tracking an emerging financial cyber threat called business e-mail compromise (BEC), organized crime groups have targeted large and small companies and organizations in every U.S. state and more than 100 countries around the world—from non-profits and well-known corporations to churches and school systems. Losses are in the billions of dollars and climbing.

At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception. But the level of sophistication in this multifaceted global fraud is unprecedented, according to law enforcement officials, and professional businesspeople continue to fall victim to the scheme.

Carried out by transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers, BEC can take a variety of forms. But in just about every case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals.

Those techniques include online ploys such as spear-phishing, social engineering, identity theft, e-mail spoofing, and the use of malware. The perpetrators are so practiced at their craft that the deception is often difficult to uncover until it is too late.

According to the FBI’s Internet Crime Complaint Center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.”