This story by Duncan Riley quotes Alexander Garcia-Tobar: “It’s worth noting that most of these phishing sites never made it into widely used databases of bad links. As a result, security tools focused on scanning the contents of email messages would not have flagged emails containing links to these sites.”
Phishing and BEC protection starts with your domain — verify your DMARC status with the Valimail Domain Checker.
Valimail