Hi, Just received a "you have a special message" phish that was delivered through oracledelivery and leads to an HTML download that loads an M365 login page.
https://pastebin.com/GQtmWakG It was only tagged by a few basic rules and passed all DKIM/SPF. X-Spam-Status: No, score=0.912 tagged_above=-200 required=5 tests=[BAYES_20=-0.001, DCC_CHECK=1.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_FONT_SIZE_HUGE=0.001, HTML_MESSAGE=0.001, RELAYCOUNTRY_US=0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TRACKER_ID=0.1] autolearn=disabled Hopefully someone can investigate.
