It seems that a new trend has emerged in the past few weeks. While users are (meanwhile) aware that an unexpected mail with subject “Your invoice” or “Your delivery” is suspicious, it seems that nowadays such attempts more often (in fact, according to my observations: massively) use specific subject lines that match some mail conversations of the past (e.g., “Re: Suggested changes to sales contract Samplestreet” when contract negotiations about an estate in Samplestreet really were a thing the attacked recipient was involved with). Of course, such a subject line gives the recipient a false sense of trust and may make them open malicious attachments.
Apparently, some machine was infected where the malware harvested subject-recipient pairs (and as of now, I doubt that it happened here).
Apart from telling my users in general to be even more cautious than usual, what are suitable measures against this form of attack? (To begin with: Does it have a specific name that helps me find information about it? While being more specific than phishing, this is still less specific than spear phishing, I guess.)
Practically the only thing that comes to my mind is to inform all external parties involved (in the Samplestreet deal, say) that they may have been infected. And also warn involved internal users that they may receive more such attacks in this matter in their department.