It is clear that the humble 419 scam or begging letter remains at the heart of the spam-scam industry and that it presents a range of risks beyond the obvious; large scale untargeted mail that links, perhaps via a privacy service like Cloudflare, to a website that contains malware or collects credit card or other payment data, is a valuable tool for criminals.
The biggest reasons that spam-scams present a route into companies’ networks is that e-mail is dealt with on autopilot: we literally do not think of it as a source of risk. Its convenience creates a familiarity. But also we think “why is going to bother contact me?”
The answer is that in some cases the criminals are targetting you.
But in most you are just one of millions of mails they send every hour, hoping that someone will read the pitch.