Dimitri Sirota, CEO of data security firm BigID, agrees with that theory. “Phishing attacks are very successful, since people are so inured to the possibility of being breached.” Using the password recovery system to validate emails is a common technique, either to prepare for a phishing attack, or to verify the validity of data dumps bought on the Dark Web.