Attackers generate thousands of unique filenames to prevent one blocked filename from stopping their entire phishing campaign.

They do not contain keywords that might trigger simple security flags.

Sometimes these names are meant to look like temporary or automated backup files.