How hackers operate

The motive is usually financial. For a quick win,
hackers often leech off credible websites or programs by manipulating them for personal gain.
Often, it’s to add spammy links which redirect to their site, or to steal visitors’ details

Example:
you get a mail that your account is out of quota and please enter your credentials to upgrade your quota 

Here are some common ways they operate:

• Stealing login credentials. Lots of people still use easily cracked passwords like ‘qwerty’ or ‘admin.’
  If these are reused across accounts, hackers can use a technique called credential stuffing to take them all down. 
• Installing malware to steal your credentials.
  This is a relatively new way of getting credentials, CSO reports,
  and it’s hard to detect because it doesn’t change anything on the front-end of your website itself. 
• Exploiting out of date software or plugins.