I've recently been noticing a lot of phishing spam that use Amazon
links. And some of those also originate from Google groups.
The links ;p like https://0gshwjn.s3.us-east-2.amazonaws.com/etc...
Maybe I should have a rule that combines testing for those 2. Maybe
also throwing in other triggers. So as when the From: domain = To:
domain in the post from Google groups. As the most recent phishing
email had.
I could also use a rule to detect when the email contains a big box
around the text. Like this:
<a href=3D"https://0gshwjn.s3.us-east-2.amazonaw=
s.com/2vbnbgvdxfcgj.html" style=3D"display:block;width:550px;background:rgb=
(37,99,235);color:rgb(255,255,255);text-decoration-line:none;padding:16px;t=
ext-align:center;border-radius:6px;font-weight:700;font-size:16px">Keep My =
Files</a>
FWIW. - Mark
