On Tue, 11 Feb 2025, Kris Deugau wrote:
John Hardin wrote:
On Mon, 10 Feb 2025, John Hardin wrote:
I just got a forwarded-via-outlook phish for zellepay that looks just
like the paypal phishes...
Ah, not *quite* the same. Zellepay doesn't have their own MTA
infrastructure, so it's a *little* less obvious.
Initial rules checked in.
Add "Brisk Invoicing" to the list (briskinvoicing.com). Never heard of them
but at a quick eyeball they look basically legit. Same MO, spammer
compromises or sets up their own M365 tenant, then creates scam invoice
events in the origin platform, addresses to their scam tenant account, which
forwards elsewhere.
-kgd
I'd need to see spamples..
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
You are in a maze of twisty little protocols,
all written by Microsoft.
----------------------------------------------------------------------
Today: Abraham Lincoln's and Charles Darwin's 216th Birthdays
