Hi, several of my clients and those of another agency we work with are receiving spam emails (regarding asking a member of staff to make fraudulent BACS payments) that appear to be being sent using this tool.
They are using domains such as uk-c.eu and then using subdomains of this such as CLIENTDOMAIN.uk-c.eu as a reply to address but have the email coming from the original email address. DKIM and SPF are set up for these accounts correctly yet appear to be being bypassed.
This is a very concerning attack as they will use names and details of the Directors to appear legitimate so could easily be viewed as genuine. I wanted to raise this as I don’t know how much of a part Mail-in-a-Box is required by them to do so but stopping access could obviously only be a positive.