Anyone else seeing a recent strong uptick in "You've been charged . . ." scam material?

My attitude in this case is: If this is not welcome, it's your problem.

Getting any message from anyone on a once-a-year-if-that basis, particularly if it's to inform you and from someone you know, isn't spam. Deal.

Were someone to reply that they didn't want this sort of message, I'll gladly remove them from my client contacts list. If they need me, they know where to find me.

So far, I have gotten nothing but messages of thanks. I'm up to about 10 at the moment.

I would have simply appreciated your effort and concern. No complaints from me for sure, especially if you were my chosen and paid Tech.
 
I just got a "Thank you for your purchase" email in my business email account, which came from my business email according to the header. Of course, on inspection, it is not my business email sending a receipt to itself.
 
And the next in the "Norton Scam Stream" has arrived in my inbox this morning.

I have to say that I have not had this steady a stream of scam email messages, or at least ones that make it through Google's spam filters, in years (yes, years). I just keep reporting them as spam so the filters might update based on each one of them, all of which are different from one another, other than in intent to defraud.
 
My clients are starting to report an upswing in all sorts of things in this vein. The most alarming so far are spear phishing attempts looking for M365 credentials. This coincides with an increased number of failed authentication attempts against M365 assets across the board.
 
The most alarming so far are spear phishing attempts looking for M365 credentials.

None that I have received are of this type, or at least they're not on the surface, but I suppose could be after the call were made.

But even if that were what was being sought, what I've received could not accurately be described as spear phishing (and that's no comment on what you may be seeing, just what I've been seeing). It's just too scattershot to be spear phishing. Phishing, perhaps, but no spears involved.
 
What I'm getting are messages tailored for the domain they're sent to, with names to match the people in question looking for M365 credentials.

It's all automated, but it is focused on the enterprise in question and therefore meets the criteria of spear phishing. I've had a few users fall for them too, but it doesn't matter because they're all Phone sign-on enabled MFA users. The prompt asked for their password, and they've all long since forgotten them because they do not use them to get at M365 assets!

Modern Authentication for the win!

The users call me after they realize they've forgotten their passwords, and they get some more training.
 