I found a flood of crude phishing attempts in our postmaster account this morning.
The hook was, “Simply reply to this email with your online login and password.”
No forms, no imitation websites, no swiped logos, no links of any sort at all. One of them even had multiple recipients visible on the To: line. It’s like a throwback to the early days of spam-n-scam.
The headers were full of things like
%RNDDIGIT27, suggesting a broken spam generator, and of course there’s the fact that they actually targeted the postmaster account.