Cisco Talos Security Intelligence and Research Group recently spotted a targeted phishing attack with several unique characteristics that are not normally seen. This targeted attack was more difficult to detect because adversaries chose to leverage AutoIT, a well-known freeware administration tool for automating system management in corporate environments. This notable characteristic made this attack worthy of further analysis.
The detailed analysis is available here - http://blogs.cisco.com/security/talos/sysadmin-phish