I wrote my advance fee fraud spam aphorism about how advance fee spammers take advantage of world events for their come-ons. It strikes me as interesting that I've never seen phish spammers do that. I actually thought I had a case from this weekend and I was going to write it up here, but on looking at the phish spam again it's merely trying to get my Apple ID, not my Apple Developer ID (the latter would be topical given the commotion with the Apple Developer Center security issue).

(I don't have either and I don't think there's any suggestion anywhere that I do. But then as far as I know I've never gotten particularly targeted phish spam in general.)

Assuming that I'm not just missing out on phish spam that refers to current events, I wonder why phish spammers don't seem to do this in the same way that advance fee fraud spammers do. Possibly it's because current events are harder to exploit for phish spam because the results the spammers want are more focused and narrow. If you're not interested in Apple Developer IDs, for example, the recent security issues there are totally useless for you. By contrast advance fee fraud is always after the same thing (you giving them money) and can use many hooks to justify it.

Even with that I'm still a bit surprised that I haven't seen much or any phish spam that said something like 'in light of recent security incident <X> we're asking all of our users to ...'. Perhaps phish spammers also just don't want to remind their targets of security issues lest the targets think twice about the spam itself.