On Tue, 8 May 2018, Alex wrote:
Hi,
Does anyone have any special techniques for catching these invoice phish emails?
https://pastebin.com/raw/TfvhUu0X
I've added a few body rules, and even despite training previous
similar messages as spam, they continue. These emails very closely
resemble legitimate email regarding invoices that purchasing people
fall for them all the time.
Senderscore greater than 90, and routed through O365.
The domain is no longer defined in DNS, but even the x-originating-ip
is not currently listed on any RBL.
Hmmm.
"attached" + "invoice" + no actual attachments? A download URL ain't an
attachment...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
There is no problem that cannot be solved by
the appropriate application of high explosives.
-----------------------------------------------------------------------
Today: the 73rd anniversary of VE day
