You know what's going to happen. The unsuspecting user receives a phishing email. Some big brand company that should already have their data wants them to verify their details. The victim visits the verification link contained in the email. He/she is prompted to enter his/her login information into a fake verification form. After obtaining the person's ID and password, the hackers use their credentials, along with information on the victim's social media profiles, to figure out their corporate login information. Next thing you know, the network drives are automatically encrypting data, and all hell breaks loose.