Community Reports

This is a phishing mail

Impersonates QuickBooks sending an overdue invoice for $349. PDF attachment contains a QR code pointing to a credential harvesting page. Targeting small business owners and freelancers. The PDF looks identical to a real QuickBooks invoice export.

Fake Steam email notifying of a pending trade offer worth over $200. Links to a pixel-perfect Steam login clone at a .ru domain. After entering credentials it asks for your Steam Guard code, completing a full account takeover in real time.

Email written in Romanian claiming you are owed a tax refund from ANAF. Asks you to log in via a spoofed ANAF portal to claim it. The real anaf.ro domain is anaf.ro — this sender uses a subdomain trick. Targeting Romanian users specifically, likely scraped from public business registries.

Targets small business Google Workspace admins. Claims unusual admin activity was detected and asks you to verify your identity via a fake Google sign-in page. The page harvests your Google credentials and 2FA backup codes. Real sender IP traced to Eastern Europe.

Mass campaign impersonating Netflix billing. Email says your subscription was cancelled due to a failed payment and urges you to update card info within 24 hours. The linked page captures card number, CVV and billing address. Over a dozen reports of this in the past week.

Received an email claiming a parcel is on hold due to unpaid customs fees. Links to a convincing DHL lookalike page that asks for full card details. Sender domain registered 3 days ago. SPF and DKIM both fail.