Targeted Spear Phishing Attacks exploiting client-side vulnerabilities have been on the rise for years. These type of attacks ‘trick’ and end-user to either visit a malicious website or click on a malicious link (which may, or may not appear to be legitimate).
I’ve seen this happen many a time. Each time is slightly different. Because as a hacker, the possibilities are almost endless in the ways and methods you can use to pull of a successful attack. You are only limited by your creativity. (Or, THEY are I should say *ahem*)