John Hardin wrote:
On Mon, 10 Feb 2025, John Hardin wrote:
I just got a forwarded-via-outlook phish for zellepay that looks just
like the paypal phishes...
Ah, not *quite* the same. Zellepay doesn't have their own MTA
infrastructure, so it's a *little* less obvious.
Initial rules checked in.
Add "Brisk Invoicing" to the list (briskinvoicing.com). Never heard of
them but at a quick eyeball they look basically legit. Same MO, spammer
compromises or sets up their own M365 tenant, then creates scam invoice
events in the origin platform, addresses to their scam tenant account,
which forwards elsewhere.
-kgd
