The application users are susceptible to phishing, a social engineering technique. Attackers present themselves as a legitimate entity that the victim trusts and request confidential information (usually credentials). These attacks are often possible due to improperly configured corporate email clients.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation