Hi, Does anyone have any special techniques for catching these invoice phish emails?
https://pastebin.com/raw/TfvhUu0X I've added a few body rules, and even despite training previous similar messages as spam, they continue. These emails very closely resemble legitimate email regarding invoices that purchasing people fall for them all the time. Senderscore greater than 90, and routed through O365. The domain is no longer defined in DNS, but even the x-originating-ip is not currently listed on any RBL.
