Sonic.net

I've noticed an increase in phishing scams pretending to be from Sonic, looking for logins / credit card numbers. Don't know if you're aware of this but perhaps some additional filtering can be applied. So far they've been trivially obvious, not even faking the sender domain.

They’ve proven very difficult to block, because unlike most spam they’re very small volume and do not trigger the usual keywords. Our team blocks them as they’re seen, and we block the sites they collect data at, but some still fall for them.

I've been getting them every day recently as well. "Critical Alert," "A Gentle Reminder," always a phishing link inside.

Here's part of the raw source (header):

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on h.spam.sonic.net
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SNF4SA,SONIC_BX_A2,SPF_HELO_NONE,
T_KAM_HTML_FONT_INVALID,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE
shortcircuit=no autolearn=disabled version=3.4.6
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
0-0-0-29807-c
X-Spam-GBUdb-Analysis: 1, 35.89.44.32, Ugly c=0.372106 p=-0.459459 Source
Normal
Received: from a.mx.sonic.net (b.spam-proxy.sonic.net [157.131.224.146])
by a.local-delivery (8.14.7/8.14.7) with ESMTP id 27NLhr89030251
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)

Hi, When I get these fake Sonic emails (like just this morning) should I notify someone at Sonic and forward the email? Where to? Thanks.