Proofpoint researchers have increasingly observed that threat actors leverage natural human curiosity rather than exploits to trick users into opening malicious emails, clicking on links, transferring funds, and more.