From 6bb00601b72852042864946ac3752c277b697f5a Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Fri, 17 Apr 2026 10:47:24 -0700 Subject: [PATCH] Glaztech phishing incident: 32 messages purged, MX/DMARC/EFC hardened Two phishing campaigns hit Glaztech on 2026-04-17 bypassing MailProtector via exposed M365 MX record. Spoofed internal senders, forwarded by 8 users. Fixes applied: removed direct M365 MX, DMARC p=reject, Enhanced Filtering on inbound connector. 32 messages purged across all affected mailboxes. Forensic samples + full incident report preserved. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../2026-04-17-hr-paperwork-delete-list.json | 332 ++++++++++++++ .../reports/2026-04-17-hr-paperwork-list.json | 297 +++++++++++++ ...6-04-17-phishing-ATTN-mailbox-password.eml | 410 ++++++++++++++++++ ...-04-17-phishing-ATTN-mailbox-password.json | 200 +++++++++ .../2026-04-17-phishing-HR-paperwork.eml | 163 +++++++ .../2026-04-17-phishing-delete-list.json | 32 ++ .../2026-04-17-phishing-incident-report.md | 192 ++++++++ 7 files changed, 1626 insertions(+) create mode 100644 clients/glaztech/reports/2026-04-17-hr-paperwork-delete-list.json create mode 100644 clients/glaztech/reports/2026-04-17-hr-paperwork-list.json create mode 100644 clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.eml create mode 100644 clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.json create mode 100644 clients/glaztech/reports/2026-04-17-phishing-HR-paperwork.eml create mode 100644 clients/glaztech/reports/2026-04-17-phishing-delete-list.json create mode 100644 clients/glaztech/reports/2026-04-17-phishing-incident-report.md diff --git a/clients/glaztech/reports/2026-04-17-hr-paperwork-delete-list.json b/clients/glaztech/reports/2026-04-17-hr-paperwork-delete-list.json new file mode 100644 index 0000000..62edc8d --- /dev/null +++ b/clients/glaztech/reports/2026-04-17-hr-paperwork-delete-list.json @@ -0,0 +1,332 @@ +[ + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGMSP-jAAA=", + "Cherakee Mellinger applied to Customer Service Representative" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGMSP-iAAA=", + "Cherakee Mellinger applied to Customer Service Representative" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGMSP-hAAA=", + "RE: Annual Reviews for APRIL 2026 - PHOENIX" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGMSP-aAAA=", + "RE: Annual Reviews for APRIL 2026 - PHOENIX" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpkBAAA=", + "RE: Denzel Moore termination paperwork" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpi2AAA=", + "EastValley//Secure//" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATph_AAA=", + "Denzel Moore termination paperwork" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpbvAAA=", + "D'Marcus Lair tax info" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpbWAAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - Shreveport" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpbHAAA=", + "RE: Annual Reviews for APRIL 2026 - PHOENIX" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpatAAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - Shreveport" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpajAAA=", + "RE: Annual Reviews for APRIL 2026 - PHOENIX" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpaiAAA=", + "RE: Annual Reviews for APRIL 2026 - PHOENIX" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpahAAA=", + "RE: Annual Reviews for APRIL 2026 - PHOENIX" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpaTAAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - Denver" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpaRAAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - Denver" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpaQAAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - Denver" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpaKAAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - SANTA TERESA" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpZ-AAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - Boise" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpZ_AAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - Boise" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpZ9AAA=", + "RE: 90-Day/Annual Reviews for APRIL 2026 - ABQ" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpZ8AAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - CORPORATE" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpZ7AAA=", + "RE: 90 Day / Annual Reviews for APRIL 2026 - BATON ROUGE" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpZ6AAA=", + "RE: Annual Reviews for APRIL 2026 - PHOENIX" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGATpZ5AAA=", + "RE: 90 Day / Annual Reviews for APRIL - Tucson" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAABeKKO0aPI-QbCbxBC9WbLMAAGMOqoXAAA=", + "Fw: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: faf0c20d7e963cd15160c89" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtoAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 6fd0fc82424d2b81282f47f" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtnAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: faf0c20d7e963cd15160c89" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtmAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 05af9a1161397c95a331e9e" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAABeKKO0aPI-QbCbxBC9WbLMAAAgufgiAAA=", + "RE: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtUAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGJxrsBAAA=", + "A Weekly Note from Rep. Ciscomani" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAEKcrzhAAA=", + "Glaz-Tech Medicare Part D Disclosure Notice" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAEIkWt4AAA=", + "A Weekly Note from Rep. Ciscomani" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAACzaLKsDe0LTKDxlqcSV-JpAABhvWgUAAA=", + "RE: New CSR Email Request - Denver" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAACzaLKsDe0LTKDxlqcSV-JpAATFLBVpAAA=", + "Fw: Thanks for booking Valentine Ashby's salon service!" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAACzaLKsDe0LTKDxlqcSV-JpAATFLBNrAAA=", + "Fw: Thanks for booking Valentine Ashby's salon service!" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAACzaLKsDe0LTKDxlqcSV-JpAAPP5UL8AAA=", + "Summer Sports Clinic Registration Opens | Free Training for Sales Careers | 25% " + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAACzaLKsDe0LTKDxlqcSV-JpAAKT9aveAAA=", + "RE: Signature requested on \"EPSL Act Request Form- GlazTech Industries\"" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAACzaLKsDe0LTKDxlqcSV-JpAADDqlgEAAA=", + "Glaztech HR Employee Announcement" + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwBxhyYq7nPQSrGc2tAyPGkyAACi2wC0AABxhyYq7nPQSrGc2tAyPGkyAO1eIjoMAAA=", + "Envolta offsite paperwork" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAAyDTC97l5iT6Id8BFTblW5AAEph1CrAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 05af9a1161397c95a331e9e" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAAyDTC97l5iT6Id8BFTblW5AAEph1CqAAA=", + "RE: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAAyDTC97l5iT6Id8BFTblW5AAEph1ClAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAAyDTC97l5iT6Id8BFTblW5AAGMeiuMAAA=", + "Re: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAAyDTC97l5iT6Id8BFTblW5AAB9ILgAAAA=", + "Janelle Padilla applied to Manufacturing Associate (Glass Experience Required)" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAAyDTC97l5iT6Id8BFTblW5AAAFEWY8AAA=", + "FW: Annual Reviews for NOVEMBER 2024 - ABQ" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAAyDTC97l5iT6Id8BFTblW5AAAuU2scAAA=", + "FW: Annual Reviews for NOVEMBER 2024 - ABQ" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAVhUfRMAAA=", + "FW: 401K" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAVhUec4AAA=", + "FW: 401K" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAAXUViICAAA=", + "RE: 401K" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAVhUeanAAA=", + "FW: Khalil applied to Custom Glass Fabricator" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAAXBnpzfAAA=", + "RE: Annual Reviews for MARCH 2024 - ABQ" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwD_HLgzUF5iRK_zB1iJqwjrAAFE2oJ6AAD_HLgzUF5iRK_zB1iJqwjrAAVhUYM4AAA=", + "[Possible spam] Not now?" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAFE20hXAAA=", + "FW: Herschel Bluehorse applied to Entry Level Manufacturing Associate (Glass)" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAARhgyGgAAA=", + "Medicare Part D Notice " + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAFE2xauAAA=", + "FW: Jaime Molinar applied to Entry Level Manufacturing Associate (Glass)" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAAQL08hoAAA=", + "FW: 90 Day / Annual Reviews for JUNE 2022 - ABQ" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAAPP1mRBAAA=", + "FW: 90 Day / Annual Reviews for March 2022 - ABQ" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAAPP1mG6AAA=", + "FW: 90 Day / Annual Reviews for February 2022 - ABQ" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAFE2u7tAAA=", + "FW: Derek applied to Entry Level Manufacturing Associate (Glass)" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAFE2u5YAAA=", + "FW: Salary Change J. Jaunich" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAAMajTIZAAA=", + "RE: Salary Change J. Jaunich" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAFE2uIWAAA=", + "RE: SMS/Text from Charlie Daniel Martinez regarding their application" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAD_HLgzUF5iRK_zB1iJqwjrAAFE2uIPAAA=", + "James Jaunich" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAD_HLgzUF5iRK_zB1iJqwjrAAMajS-1AAA=", + "RE: Resume" + ] +] \ No newline at end of file diff --git a/clients/glaztech/reports/2026-04-17-hr-paperwork-list.json b/clients/glaztech/reports/2026-04-17-hr-paperwork-list.json new file mode 100644 index 0000000..910506f --- /dev/null +++ b/clients/glaztech/reports/2026-04-17-hr-paperwork-list.json @@ -0,0 +1,297 @@ +[ + [ + "albert@glaztech.com", + "AAMkADc5ZjE1MjhmLTFlNWUtNGQ1Yy05ZmJkLTk0NGRhZmU2OGFjZABGAAAAAADNFEzvuexFQJzCA06jCiyIBwDUjEhhhOHRQo1BpoJ_pGNxAAAAAAEMAADUjEhhhOHRQo1BpoJ_pGNxAAWAOSJ_AAA=", + "RE: Atlas GA45FF" + ], + [ + "alex@glaztech.com", + "AAMkADI5ODM4NTE4LTJlMGEtNDllMC05MTgxLTBkMDQwY2RiZWRjMwBGAAAAAADakTj1Cc1dTITxGWIXdZqeBwC2Dl0BExD9Q4vMdTx506HpAAACuFdFAAADP5UlDfteQoHigM2vq-sNAAEa5UhyAAA=", + "Cyber Proposal Doc's Attached" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAE7x4nXAAA=", + "PO Request " + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAEtyhxPAAA=", + "657354" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAEITmfbAAA=", + "RE: GLAZ Tech Industries, Inc. 10/1/2025 Insurance Renewal - Chubb Binding docu" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AAAuEj5RlXEAR78q8m_WRqxMAAUmQTTPAAA=", + "FW: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "alexander@glaztech.com", + "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AAAuEj5RlXEAR78q8m_WRqxMAAUmQTKXAAA=", + "FW: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "Antonio@glaztech.com", + "AAMkAGM0MzllZWUzLTI5ZmYtNDRhZi1hZmJiLWFiNTRhODQzMmFiNgBGAAAAAADiMKlU0s3GSpf0FyVm6HyRBwAz-DQLzfzERb0Vt4XATWX2AAAAAAEMAAAz-DQLzfzERb0Vt4XATWX2AAUXYbXxAAA=", + "RE: Atlas GA45FF" + ], + [ + "Antonio@glaztech.com", + "AAMkAGM0MzllZWUzLTI5ZmYtNDRhZi1hZmJiLWFiNTRhODQzMmFiNgBGAAAAAADiMKlU0s3GSpf0FyVm6HyRBwAz-DQLzfzERb0Vt4XATWX2AAAAAAEJAAAz-DQLzfzERb0Vt4XATWX2AAR7Lbf5AAA=", + "FW: Atlas GA45FF" + ], + [ + "Antonio@glaztech.com", + "AAMkAGM0MzllZWUzLTI5ZmYtNDRhZi1hZmJiLWFiNTRhODQzMmFiNgBGAAAAAADiMKlU0s3GSpf0FyVm6HyRBwAz-DQLzfzERb0Vt4XATWX2AAAAAAEJAAAz-DQLzfzERb0Vt4XATWX2AAR7Lbe1AAA=", + "FW: Atlas GA45FF" + ], + [ + "Antonio@glaztech.com", + "AAMkAGM0MzllZWUzLTI5ZmYtNDRhZi1hZmJiLWFiNTRhODQzMmFiNgBGAAAAAADiMKlU0s3GSpf0FyVm6HyRBwAz-DQLzfzERb0Vt4XATWX2AAAAAAEMAAAz-DQLzfzERb0Vt4XATWX2AAUXYbRdAAA=", + "RE: Atlas GA45FF" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAVbVQGzAAA=", + "RE: EXTERNAL: RE: Radwell International LLC - Quote# 16384728" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEJAACkPxKzLFepTpq_CPdo_ZqAAAP4HZGPAAA=", + "FW: Radwell International LLC - Quote# 16384728" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAVbVQDxAAA=", + "Radwell International LLC - Quote# 16384728" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEJAACkPxKzLFepTpq_CPdo_ZqAAAP4HZDCAAA=", + "FW: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEJAACkPxKzLFepTpq_CPdo_ZqAAAP4HXzrAAA=", + "FW: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAT6iKhgAAA=", + "RE: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEJAACkPxKzLFepTpq_CPdo_ZqAAAP4HXzMAAA=", + "FW: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAT07Zw8AAA=", + "RE: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAT07ZwzAAA=", + "Radwell International LLC - Quote# 15785440" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEJAACkPxKzLFepTpq_CPdo_ZqAAAP4HUS-AAA=", + "RE: For your approval - FW: Sun Mountain Order # 3305750/P.O. 46636 -" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAQdCJjpAAA=", + "FW: For your approval - FW: Sun Mountain Order # 3305750/P.O. 46636 -" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEJAACkPxKzLFepTpq_CPdo_ZqAAAP4HUS7AAA=", + "RE: For your approval - FW: Sun Mountain Order # 3305750/P.O. 46636 -" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAQdCJjeAAA=", + "RE: For your approval - FW: Sun Mountain Order # 3305750/P.O. 46636 -" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEJAACkPxKzLFepTpq_CPdo_ZqAAAP4HUS4AAA=", + "RE: For your approval - FW: Sun Mountain Order # 3305750/P.O. 46636 -" + ], + [ + "bobby@glaztech.com", + "AAMkADU4NzYwM2UxLTMyMWQtNGUwZC1hY2E0LTY5ZjZmNDdhOGE4OABGAAAAAACLwZETPKc7TogA_BZ_B3kHBwCkPxKzLFepTpq_CPdo_ZqAAAAAAAEMAACkPxKzLFepTpq_CPdo_ZqAAAQdCJiyAAA=", + "For your approval - FW: Sun Mountain Order # 3305750/P.O. 46636 -" + ], + [ + "Bryce@glaztech.com", + "AAMkAGIyOTI0N2Q3LWVkMTctNGQzMy04NTQ3LTQ3ZjE1M2FmYzlkNQBGAAAAAACQaNt6eIzfRryv84tG3HNWBwAJ08-zv1isRJDmIV5F90dYAAAAAAEMAABJHkGa4kxnR4ux1x_cIuREAAGMC30xAAA=", + "Re: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 23e3a543a6279d811725674" + ], + [ + "cesar@glaztech.com", + "AAMkAGNjYzRhNDRhLTYyMmEtNDMwMC1iM2YyLWM5YTg3OGI3MjBjNgBGAAAAAAAlMDj_NS8kSq-njAP7Lm5wBwC2Dl0BExD9Q4vMdTx506HpAFbTBGklAACBQSNddZWxRIzqZ0WLpNTHAAEXml_3AAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 6fd0fc82424d2b81282f47f" + ], + [ + "cesar@glaztech.com", + "AAMkAGNjYzRhNDRhLTYyMmEtNDMwMC1iM2YyLWM5YTg3OGI3MjBjNgBGAAAAAAAlMDj_NS8kSq-njAP7Lm5wBwC2Dl0BExD9Q4vMdTx506HpAFbTBGkjAAAMQbQATMIfSpY9KTJK9J-NAANUknX0AAA=", + "Re: quote for Tuscallosa Alabama Pilot" + ], + [ + "cesar@glaztech.com", + "AAMkAGNjYzRhNDRhLTYyMmEtNDMwMC1iM2YyLWM5YTg3OGI3MjBjNgBGAAAAAAAlMDj_NS8kSq-njAP7Lm5wBwC2Dl0BExD9Q4vMdTx506HpAFbTBGklAAAMQbQATMIfSpY9KTJK9J-NAALm8V7uAAA=", + "FW: quote for Tuscallosa Alabama Pilot" + ], + [ + "cesar@glaztech.com", + "AAMkAGNjYzRhNDRhLTYyMmEtNDMwMC1iM2YyLWM5YTg3OGI3MjBjNgBGAAAAAAAlMDj_NS8kSq-njAP7Lm5wBwC2Dl0BExD9Q4vMdTx506HpAFbTBGkjAAAMQbQATMIfSpY9KTJK9J-NAABPA10VAAA=", + "Ingersoll Rand Compressor" + ], + [ + "Daryld@glaztech.com", + "AAMkAGI0ZDNkODE4LWZlODItNDkzMy1iYTM5LWY5OGM1NTg3YjliNgBGAAAAAABtdgCyMEt4TJxNvG562DTFBwCyY3fdaOADT7n15R8P4mgjAAAAAAEMAABd0FiAq7kQSbzUuLix_b2KAAGLSJP1AAA=", + "Re: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 907db9de4dbef9777de2259" + ], + [ + "Daryld@glaztech.com", + "AAMkAGI0ZDNkODE4LWZlODItNDkzMy1iYTM5LWY5OGM1NTg3YjliNgBGAAAAAABtdgCyMEt4TJxNvG562DTFBwCyY3fdaOADT7n15R8P4mgjAAAAAAEMAABd0FiAq7kQSbzUuLix_b2KAAGLSJPxAAA=", + "FW: 525289" + ], + [ + "Daryld@glaztech.com", + "AAMkAGI0ZDNkODE4LWZlODItNDkzMy1iYTM5LWY5OGM1NTg3YjliNgBGAAAAAABtdgCyMEt4TJxNvG562DTFBwCyY3fdaOADT7n15R8P4mgjAAAAAAEMAACyY3fdaOADT7n15R8P4mgjAAQAXiHZAAA=", + "FW: Atlas GA45FF" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAAyDTC97l5iT6Id8BFTblW5AAEph1CrAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 05af9a1161397c95a331e9e" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAAyDTC97l5iT6Id8BFTblW5AAEph1CqAAA=", + "RE: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOtvAAAyDTC97l5iT6Id8BFTblW5AAEph1ClAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "dominic@glaztech.com", + "AAMkADhmMGU3MzVkLTI0YzUtNGJhNy1hNTA5LTQ5MGMzMDBhZWY4NQBGAAAAAAC939_0JhY6TYWTi_N_K_yUBwC2Dl0BExD9Q4vMdTx506HpAAALQOttAAAyDTC97l5iT6Id8BFTblW5AAGMeiuMAAA=", + "Re: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "ecompian@glaztech.com", + "AAMkADc3YzMwMmI5LWE5YjMtNGMyOS1iOGQ0LTI2M2IxY2Y4Y2E1ZQBGAAAAAACqLzUBSfkHR6EljNFc6tQ_BwCzIAJPYzAQQ4En-PhurRe7AAAAAAEJAACzIAJPYzAQQ4En-PhurRe7AAB2UUE4AAA=", + "FW: 525289" + ], + [ + "ecompian@glaztech.com", + "AAMkADc3YzMwMmI5LWE5YjMtNGMyOS1iOGQ0LTI2M2IxY2Y4Y2E1ZQBGAAAAAACqLzUBSfkHR6EljNFc6tQ_BwCzIAJPYzAQQ4En-PhurRe7AAAAAAEMAACzIAJPYzAQQ4En-PhurRe7AAF-WrGvAAA=", + "525289" + ], + [ + "Holly@glaztech.com", + "AAMkAGI0MjA4NGVhLWYyODgtNGFjZS1hNTFlLTI1MmE5NjY1YTUzYQBGAAAAAABilU1i3lkXRpYq2gJ9y3PdBwBLBfAhTg62RoeovaQ30toZAAAAAAEMAACItjrALqqGT6cRdNjmty5wAAGMII_qAAA=", + "Re: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 2c29a4edef874e75a627034" + ], + [ + "jack@glaztech.com", + "AAMkADZjYjVhMGI3LTQ5OWUtNDU2NS05ODhiLWUwNmMwMGQ0NWQyYgBGAAAAAAA0EDBzKSt3TqZCUKjI0GAaBwC2Dl0BExD9Q4vMdTx506HpAAADMHY-AAA7YdYop_NGRJ_ZHFrOnx_tAATFKWcpAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: faf0c20d7e963cd15160c89" + ], + [ + "jack@glaztech.com", + "AAMkADZjYjVhMGI3LTQ5OWUtNDU2NS05ODhiLWUwNmMwMGQ0NWQyYgBGAAAAAAA0EDBzKSt3TqZCUKjI0GAaBwC2Dl0BExD9Q4vMdTx506HpAAADMHY-AAA7YdYop_NGRJ_ZHFrOnx_tAATFKWcqAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 6fd0fc82424d2b81282f47f" + ], + [ + "jack@glaztech.com", + "AAMkADZjYjVhMGI3LTQ5OWUtNDU2NS05ODhiLWUwNmMwMGQ0NWQyYgBGAAAAAAA0EDBzKSt3TqZCUKjI0GAaBwC2Dl0BExD9Q4vMdTx506HpAAADMHY9AABDmhahyJpMRI31HnTlVnX3AAGJnz-yAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 6fd0fc82424d2b81282f47f" + ], + [ + "jack@glaztech.com", + "AAMkADZjYjVhMGI3LTQ5OWUtNDU2NS05ODhiLWUwNmMwMGQ0NWQyYgBGAAAAAAA0EDBzKSt3TqZCUKjI0GAaBwC2Dl0BExD9Q4vMdTx506HpAAADMHY9AABDmhahyJpMRI31HnTlVnX3AAGJnz-EAAA=", + "Re: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: faf0c20d7e963cd15160c89" + ], + [ + "johnny@glaztech.com", + "AAMkADc0ZWZhY2Y0LTBiZGYtNDhmMC05YWQxLTZjZDE1NTE5YzJlZABGAAAAAADOaXqo8fmtTYSPWH2p9VLyBwBP3EMVLyX7QqwSCD76_RNyAAAAAAEMAABP3EMVLyX7QqwSCD76_RNyAAUKU_d2AAA=", + "RE: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "johnny@glaztech.com", + "AAMkADc0ZWZhY2Y0LTBiZGYtNDhmMC05YWQxLTZjZDE1NTE5YzJlZABGAAAAAADOaXqo8fmtTYSPWH2p9VLyBwBP3EMVLyX7QqwSCD76_RNyAAAAAAEMAABP3EMVLyX7QqwSCD76_RNyAAUEuKNVAAA=", + "RE: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "Payroll@glaztech.com", + "AAMkADNhZjFhMDRhLTE0MDQtNDcyZi1hMmE2LWY1YmM0ZjM3MDk5ZABGAAAAAACc6s4JYM6LSISs2dkL79rLBwB9Early5ZDRK2sEGXzS-AdAM-bc_lcAABPjsBaN0xqTY1n6bsH6hEtAAJqXeNBAAA=", + "REQUEST FOR TIME-OFF SHEETE 8/30/20 - 9/5/20" + ], + [ + "Payroll@glaztech.com", + "AAMkADNhZjFhMDRhLTE0MDQtNDcyZi1hMmE2LWY1YmM0ZjM3MDk5ZABGAAAAAACc6s4JYM6LSISs2dkL79rLBwB9Early5ZDRK2sEGXzS-AdAM-bc_lcAABPjsBaN0xqTY1n6bsH6hEtAAJX6MlVAAA=", + "REQUEST FOR TIME OFF SHEETS m- BATON ROUGE PAYROLL 7/19/20 - 7/25/20" + ], + [ + "pebbles@glaztech.com", + "AAMkADJhZjViMDc5LTU0YjEtNDZlYy1hY2M0LTQ3MzkzZDY0ZTFhZgBGAAAAAACvcR9LdmGoSpZs9gTaY62JBwD8VcZ_Hpn0RbeVGKcanmmEAAAAAAEMAAD8VcZ_Hpn0RbeVGKcanmmEAATFHPK1AAA=", + "FW: EXTERNAL: RE: Radwell International LLC - Quote# 15785440" + ], + [ + "Pete@glaztech.com", + "AAMkADJlM2U4YWRiLTdhOGQtNDBkNi04NjdhLTAzOTkzMjY4MmMxOABGAAAAAAAstnJht7p5T6W7PQoW0RUhBwC2Dl0BExD9Q4vMdTx506HpAATw5_RXAADarTpA8AgbQa3oOu02X3LzAAP5cxiiAAA=", + "FW: Atlas GA45FF" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWttAAA=", + "RE: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: faf0c20d7e963cd15160c89" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAABeKKO0aPI-QbCbxBC9WbLMAAGMOqoXAAA=", + "Fw: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: faf0c20d7e963cd15160c89" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtoAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 6fd0fc82424d2b81282f47f" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtnAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: faf0c20d7e963cd15160c89" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtmAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: 05af9a1161397c95a331e9e" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAABeKKO0aPI-QbCbxBC9WbLMAAAgufgiAAA=", + "RE: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtUAAA=", + "FW: HR Paperwork \u2013 Awaiting Completion Approval Ref/ID#: ff9d7d987cd0cc2c9573f2e" + ], + [ + "Seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAACzaLKsDe0LTKDxlqcSV-JpAAPiWpNkAAA=", + "Fw: Dr. Rosenberg/ Recommendations" + ] +] \ No newline at end of file diff --git a/clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.eml b/clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.eml new file mode 100644 index 0000000..826a831 --- /dev/null +++ b/clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.eml @@ -0,0 +1,410 @@ +Received: from DM6PR03MB5337.namprd03.prod.outlook.com (2603:10b6:5:229::17) + by BN7PR03MB3907.namprd03.prod.outlook.com with HTTPS; Fri, 17 Apr 2026 + 11:19:35 +0000 +Received: from BY3PR03CA0022.namprd03.prod.outlook.com (2603:10b6:a03:39a::27) + by DM6PR03MB5337.namprd03.prod.outlook.com (2603:10b6:5:229::17) with + Microsoft SMTP Server (version=TLS1_2, + cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Fri, 17 Apr + 2026 11:19:33 +0000 +Received: from MWH0EPF000A6733.namprd04.prod.outlook.com + (2603:10b6:a03:39a:cafe::44) by BY3PR03CA0022.outlook.office365.com + (2603:10b6:a03:39a::27) with Microsoft SMTP Server (version=TLS1_3, + cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.52 via Frontend Transport; Fri, + 17 Apr 2026 11:19:32 +0000 +Authentication-Results: spf=fail (sender IP is 23.94.30.18) + smtp.mailfrom=glaztech.com; dkim=none (message not signed) + header.d=none;dmarc=fail action=none header.from=glaztech.com;compauth=pass + reason=703 +Received-SPF: Fail (protection.outlook.com: domain of glaztech.com does not + designate 23.94.30.18 as permitted sender) receiver=protection.outlook.com; + client-ip=23.94.30.18; helo=[127.0.0.1]; +Received: from [127.0.0.1] (23.94.30.18) by + MWH0EPF000A6733.mail.protection.outlook.com (10.167.249.25) with Microsoft + SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17 + via Frontend Transport; Fri, 17 Apr 2026 11:19:31 +0000 +Content-Type: text/html; charset="utf-8" +From: alexander@glaztech.com +To: +Subject: ATTN : MaiIbox Password Login Expire today, 4/17/2026 - + 709f6f1afea353ee036d76a42cc2d810c6cedba8 +Message-ID: +Content-Transfer-Encoding: quoted-printable +Date: Fri, 17 Apr 2026 11:19:30 +0000 +Return-Path: alexander@glaztech.com +X-MS-Exchange-Organization-ExpirationStartTime: 17 Apr 2026 11:19:32.1351 + (UTC) +X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit +X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 +X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit +X-MS-Exchange-Organization-Network-Message-Id: 64392b12-2cee-4a9b-97ee-08de9c7332d7 +X-EOPAttributedMessage: 0 +X-EOPTenantAttributedMessage: 82931e3c-de7a-4f74-87f7-fe714be1f160:0 +X-MS-Exchange-Organization-MessageDirectionality: Incoming +X-MS-PublicTrafficType: Email +X-MS-TrafficTypeDiagnostic: MWH0EPF000A6733:EE_|DM6PR03MB5337:EE_|BN7PR03MB3907:EE_ +X-MS-Exchange-Organization-AuthSource: MWH0EPF000A6733.namprd04.prod.outlook.com +X-MS-Exchange-Organization-AuthAs: Anonymous +X-MS-Office365-Filtering-Correlation-Id: 64392b12-2cee-4a9b-97ee-08de9c7332d7 +X-MS-Exchange-AtpMessageProperties: HVE +X-MS-Exchange-Organization-SCL: 1 +X-Microsoft-Antispam: BCL:0;ARA:13230040|704162011799003|82310400026|8096899003|55112099003|57112099003|20085499003|19002099003; +X-Forefront-Antispam-Report: CIP:23.94.30.18;CTRY:US;LANG:sk;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:23-94-30-18-host.colocrossing.com;CAT:NONE;SFS:(13230040)(704162011799003)(82310400026)(8096899003)(55112099003)(57112099003)(20085499003)(19002099003);DIR:INB; +X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2026 11:19:31.8283 + (UTC) +X-MS-Exchange-CrossTenant-Network-Message-Id: 64392b12-2cee-4a9b-97ee-08de9c7332d7 +X-MS-Exchange-CrossTenant-Id: 82931e3c-de7a-4f74-87f7-fe714be1f160 +X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6733.namprd04.prod.outlook.com +X-MS-Exchange-CrossTenant-AuthAs: Anonymous +X-MS-Exchange-CrossTenant-FromEntityHeader: Internet +X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR03MB5337 +X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.2755247 +X-MS-Exchange-Processed-By-BccFoldering: 15.20.9818.014 +X-Microsoft-Antispam-Mailbox-Delivery: + ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(920097)(930201)(20251009189)(140003); +X-Microsoft-Antispam-Message-Info: + =?utf-8?B?VkFrQUF3MUNhVXBXZGdiMVoydkM0T3p3MFVKd0JlMEcvdXJMN01BSmdqYXJz?= + =?utf-8?B?NG1ZSjJFaE0zN2I4elVGWWJNQ3BSQ0V0M0R1UGVXVVZNaHY3NUk3OTNRaXJ1?= + =?utf-8?B?WXl4K3h3cnB3amJLbFdyZVdrUnVXcHBTOGpUN3FQSVcxNkwzWEJyT2p2dEE2?= + =?utf-8?B?cWNpY0dnK2VWSGt3ZC9OSWFacjhlbitQZjNtQVpMdDd1VXIzc1pmZzF3UDE5?= + =?utf-8?B?Q21PUWxOQ0I4QXhrVzRjY1JrSWRGMTF0SUptZGhsREhzS2NHRXZ5eDlkeGJ2?= + =?utf-8?B?VDFwa045NW9PcFVsZU0raHlWbjMzMVdtYmJETEJ3WHVKd2puT0FqcEdKRTNH?= + =?utf-8?B?am5YdFVGSER5aElGbXZ4aDFRWjA4dFV0THdzSjNnVEp3ZnhIYnZJUU00K3pG?= + =?utf-8?B?Z3JYZXJPQ2UrZEdoZ2xEUDRYU3Q0T0N3dzAyZGN3NWNLOW01Rm5HL0VZUHNG?= + =?utf-8?B?SjNIbDRxY1VsTmRaMXY2WkkyWnJYSjVsNWFOYzhOWitodkE0V1A3emVqU0xN?= + =?utf-8?B?WjcyWndUMkxBcWRPdElEMUFUT1hDRDJvZm9BWk1VV092YlFqS01idTRXZFJp?= + =?utf-8?B?UVpTbXl2MVhXT2EvVXdaZXRRNWhWQlVGWU5zbTh6OUY0M205RDB5TXJpR2F2?= + =?utf-8?B?UmhIckVVdC9XbFBGeGhxQWZ4UHVJMEk3K3dPOGhQVzRqQTB0YjQwbE5nTDgv?= + =?utf-8?B?WlYxZVNSWkNxU3BRMDhxNjJEbW1maWVvUkRTaHZRYk9SQW1udEw2RktEV0xN?= + =?utf-8?B?ZkNJOTVmRW1odTNFWktPSitoVUJPMW5pS1RmR2ZBczRyWElRaU5jOWNrUjZo?= + =?utf-8?B?YzJnQndxYmpBSDFYYm5TMnRrMDlUWXNacGY3NXZWTXRnTE1renBycHlZOFVs?= + =?utf-8?B?RTBSS05seCtzMktPMlo1Q2dYNU5HRHE2TVFabG4zTTZmZk1pWkFBaFpmV0dL?= + =?utf-8?B?WGJXeVZHbjVtaXgrblNqZ1YxZnNmcnA0akZGUy9WcjZ4OENxZjZsbjJKVS92?= + =?utf-8?B?alNUbnlaQ0hDNFhNVUpCNDJ0TDFCaW41eTkvOHhkMGNlUllabmpXa0YrbWF5?= + =?utf-8?B?cGdSNzdNTzk4Sm8rNUZ6RnZkclZ3MjQwY2R4NW5lSkZQdkdVMStxd2hhcHpv?= + =?utf-8?B?RXZ3NEliTEYyaFlhbThOS2FYYnlIYlJ5UU9KTE1ZZWNZYW50YkU5U0pUM0Q2?= + =?utf-8?B?TGFxajIyN3JlQVJuVkdZKzJXRnc2a2ZmSGZkL1h0ZTN1T3BxYzZ3VTRQK0dB?= + =?utf-8?B?d1FMeVhFQm9IYWYzZHJXRkEwN2lLQTZld2VocW5xaWx0bTRsWERYeVVaRyto?= + =?utf-8?B?dW8ycVo2S3Z5S052allkTTFnSXJnRS96bHgrQUZtSVZpVUU3UGVpQ1V0c0d2?= + =?utf-8?B?Nm1vU0JyK3c0SU53UzM3czc2RFhJRWZFTEFibitkVWpFei9xRytCbmdMVVNq?= + =?utf-8?B?aEI3YkE5VzR0bFVwLzROc1N1OGJadm8wWWRPOFVCS2YxeTlMNWNWczdPbWJ2?= + =?utf-8?B?T2ZyV3BpYlpSdWkvYzh0aXlUenFHRVNCT2FTR1IvcmRLWWhHcWM1STJqN0RQ?= + =?utf-8?B?VnczdWhkQmhpQk9SQk5rcHFsb0p1L1hsYy9NTEJhakUrYTVpSlpOS2svWEl3?= + =?utf-8?B?V3huQ0tVSjBFbWV4SGRmMmtZOFBiczhqNlR0WklDNUIzVGJFdkN5S1lnK0dD?= + =?utf-8?B?TnRzMW1LT1VqS3pkbG5iZGxKNjd1UEErUWt4VVRCR3ZCc0swZ0FZTUtWSXRL?= + =?utf-8?B?Umtuc1prV3RUQW1oMWhaNjNadUdhL0xYUVhwa01vYzJ4aWNCVzk1VHB4UnBh?= + =?utf-8?B?UHpzMUV4KzJzc0prZjNmamtmMWVPbldaQmdGRVNKTndLL21ObzZmWU9yKy9V?= + =?utf-8?B?WGs5eFR4WUwwa29QZWVzaWpFRGl4eEM2MWIxM0JjTzF1L1lKWFlHTmNCeDBq?= + =?utf-8?B?RnNQM1h4alFicmtBNFJkQ1YramxrSVJXVU5WZVJQSkp5RUlZakJyQzEwQ3c4?= + =?utf-8?B?ckRFUnArNDQ4MUFsMmlVNkt5SjBHallvM0hEdzQraTJDU0JOZzRoWnc0emlw?= + =?utf-8?B?NGY2SHZsV1RqSWJsSDdhdUl4OHNWeVRlb0hJMjJQakc5WDJoTE54UnpYa0NP?= + =?utf-8?Q?+1Z4=3D?= +MIME-Version: 1.0 + +

Micr= +osoft-365

+ +Hello Alexander, +

+Password to your email account expire today on 4/17/2026. +

Keep current credential for +(alexander@glaztech.com) with the link below. + + +

+
+Keep Same Credential

You are hereby recommended to use above link within 2 hours to act= +ivate the current mailbox security system.=0A= +=0A= +



+
+



+

 


+

 


+

 

+ +

+ + +

+






 

 

 

 


 

 

 

 <= +br>

 

 


 

+ + + + + +
+
Dobry den Janka,
+

+
+
toto zial uz nevyuzijeme, uz je tych sportovych aktivit na festivale d= +ost=20 + vela.
+

+
+
Dakujeme ale za tip
+

+
+
+
+
Zora Husar=C4=8D=C3=ADkov=C3=A1
+ +421 903 982 448
+ + zora@grapefestival.sk

+
+
+
+
+
+
+
+
+
pi 18. 7. 2025 o 12:44 Hrusovska= +, Jana <jana.hrusovska@or= +iflame.com>=20 + nap=C3=ADsal(a):
+
+
+
+
+
+

Dobr=C3=BD de=C5=88, = +Zorka,

+

 <= +/span>

+

napadla m= +i e=C5=A1te=20 +jedna ot=C3=A1zka -  bolo by pre V=C3=A1s ok ak by Jany Landl nato=C4= +=8Dil pri na=C5=A1om stanku =20 +svoj trening?

+

Resp. Mo= +=C5=BCe to da=C5=A5 na=20 +r=C3=B4znych miestach v r=C3=A1mci Grape  - robi Letn=C3=BA v=C3=BDzvu= + a nat=C3=A1=C4=8Da v r=C3=B4znych=20 +mest=C3=A1ch/miestach Slovenska=20 +https://www.instagram.com/reel/DLzAY4gq69v/?utm_source=3Dig_web_copy_link&a= +mp;igsh=3DMzRlODBiNWFlZA=3D=3D +

+

&n= +bsp;

+

Je to len= + n=C3=A1pad.=20 +Zatia=C4=BE som s n=C3=ADm o tom nehovorila, k=C3=BDm nem=C3=A1m potvrden= +=C3=A9, =C5=BEe by to nebol probl=C3=A9m.

+

=C4=8Eaku= +jem za info,

+

J.

+

 <= +/span>

+
+
+

+From:=20 +Zorka Husar=C4=8D=C3=ADkov=C3=A1 <zora@grapefestival.sk> +
+Sent: Tuesday, July 15, 2025 4:30 PM
+To: Hrusovska, Jana <jana.hrusovska@oriflame.com>
+Subject: Re: akreditacia

+
+
+

 

+
+
+
+

Jasne,

+
+
+

 

+
+
+

co sa tyka poctu vstupov, v ramci partnerstva mate 8= +=20 +volnych vstupov. Mame to nastavene tak, ze 1000=E2=82=AC partnerskeho plnen= +ia =3D 1 free=20 +listok.

+
+
+

Posielam Vam ich rovno v prilohe.

+
+
Nad to mame este produkcne vstupy, ohlad= +om ktorych=20 + som vam pisala. +
+
+

 

+
+
Samozrejme, hostesky v areali su ok, len si p= +ovedzme=20 + ich pocet, kolko by ich malo byt. Cas nechame na vas. +
+
+

 

+
+
+

z.

+
+
+

 

+
+
+

 

+
+
+

 

+
+
+

 

+
+
+
+
+ +
+
+  +
+
+

Dobry den Janka,

+
+
 
+
+

v prvom rade dakujeme za balicky, vsetko v poriadku = +vcera=20 +dorazilo, produkty su super!

+
+
 
+
+

A za mna teda musim povedat, ze velmi vkusny super=20 +rebranding :)

+
+
 
+
+

Pisem vam aj ohladom akreditacie.

+
+
Potrebovala by som od Vas pocty ludi, ktori b= +udu vo=20 + Vasej zone pracovne a zaroven pocet parkingov. +
+
+

Tu su presnejsie instrukcie:

+
+
 
+
+

+=C2=B7= +  +nepotrebuje= +m=20 +konkretne mena, ale len informaciu o funkcii + pocet ludi + pocet parkingov= +=20 +(napr. hosteska - 4x, produkcny - 2x, parking - 8x)
+
+

+

+=C2=B7= +  +na zaklade = +toho=20 +vam vygenerujem link, kde si vsetko samostatne vypisete. Mena sa daju uprav= +ovat,=20 +az do momentu, kedy su ludia opaskovani a v areali
+
+

+

+=C2=B7= +  +akreditacny= + mail,=20 +ktory vam zaslem obsahuje info aj ohladom miesta akreditacie a casov, kedy = +je=20 +akreditacia otvorena (odporucam sa ist zaakreditovat este vo +=C5=A0TVRTOK, kedze v piatok je na akreditaciach najvacsi naval ludi= + :))
+
+

+

+=C2=B7= +  +p=C3=A1sky = +sa vyd=C3=A1vaj=C3=BA=20 +na meno vo=C4=8Di OP na akredit=C3=A1ci=C3=AD. Ak niekto bude zachyten=C3= +=BD bez p=C3=A1sky mus=C3=AD si ju=20 +okam=C5=BEite nasadi=C5=A5. P=C3=A1sky nem=C3=B4=C5=BEete distribuova=C5=A5= + =C4=8Falej vo Va=C5=A1ej skupine, v=C5=A1etci sa=20 +musia =C3=ADs=C5=A5 akreditova=C5=A5 jednotlivo.

+

+=C2=B7= +  +otv=C3=A1ra= +cie hodiny=20 +akredit=C3=A1ci=C3=AD:

+  +

+utorok: 14:00 - 22:00  

+

+streda: 10:00 - 23:00  

+

+=C5=A1tvrtok: 08:00 - 00:00

+

+piatok: 05:30 - nede=C4=BEa: 02:00 (nonstop)  +

+

&nb= +sp;

+

Dakujem velmi pekne za doposlanie,

+
+
 
+
+

Zora

+
+
 
+
+
+
+

Zora Husar=C4=8D=C3=ADk= +ov=C3=A1
++421 903 982 448
+

 
diff --git a/clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.json b/clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.json new file mode 100644 index 0000000..14f2b18 --- /dev/null +++ b/clients/glaztech/reports/2026-04-17-phishing-ATTN-mailbox-password.json @@ -0,0 +1,200 @@ +{ + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('alexander%40glaztech.com')/messages(subject,from,sender,internetMessageHeaders,body)/$entity", + "@odata.etag": "W/\"CQAAABYAAADROxasb9l7S7bR2y6uFohTAAGL+3bn\"", + "id": "AAMkAGJjOTczMDU2LTYyZDEtNGYwNC1iZjMyLWEzMmNjMWQyNzQ3NQBGAAAAAAA82KT7j0XhSpjy_OE_PrvmBwB9Early5ZDRK2sEGXzS-AdARvDwQ48AADROxasb9l7S7bR2y6uFohTAAGMSQCQAAA=", + "subject": "ATTN : MaiIbox Password Login Expire today, 4/17/2026 - 709f6f1afea353ee036d76a42cc2d810c6cedba8", + "internetMessageHeaders": [ + { + "name": "Received", + "value": "from DM6PR03MB5337.namprd03.prod.outlook.com (2603:10b6:5:229::17) by BN7PR03MB3907.namprd03.prod.outlook.com with HTTPS; Fri, 17 Apr 2026 11:19:35 +0000" + }, + { + "name": "Received", + "value": "from BY3PR03CA0022.namprd03.prod.outlook.com (2603:10b6:a03:39a::27) by DM6PR03MB5337.namprd03.prod.outlook.com (2603:10b6:5:229::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Fri, 17 Apr 2026 11:19:33 +0000" + }, + { + "name": "Received", + "value": "from MWH0EPF000A6733.namprd04.prod.outlook.com (2603:10b6:a03:39a:cafe::44) by BY3PR03CA0022.outlook.office365.com (2603:10b6:a03:39a::27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.52 via Frontend Transport; Fri, 17 Apr 2026 11:19:32 +0000" + }, + { + "name": "Received", + "value": "from [127.0.0.1] (23.94.30.18) by MWH0EPF000A6733.mail.protection.outlook.com (10.167.249.25) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17 via Frontend Transport; Fri, 17 Apr 2026 11:19:31 +0000" + }, + { + "name": "Authentication-Results", + "value": "spf=fail (sender IP is 23.94.30.18) smtp.mailfrom=glaztech.com; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from=glaztech.com;compauth=pass reason=703" + }, + { + "name": "Received-SPF", + "value": "Fail (protection.outlook.com: domain of glaztech.com does not designate 23.94.30.18 as permitted sender) receiver=protection.outlook.com; client-ip=23.94.30.18; helo=[127.0.0.1];" + }, + { + "name": "Content-Type", + "value": "text/html" + }, + { + "name": "From", + "value": "" + }, + { + "name": "To", + "value": "" + }, + { + "name": "Subject", + "value": "ATTN : MaiIbox Password Login Expire today, 4/17/2026 - 709f6f1afea353ee036d76a42cc2d810c6cedba8" + }, + { + "name": "Message-ID", + "value": "" + }, + { + "name": "Content-Transfer-Encoding", + "value": "quoted-printable" + }, + { + "name": "Date", + "value": "Fri, 17 Apr 2026 11:19:30 +0000" + }, + { + "name": "MIME-Version", + "value": "1.0" + }, + { + "name": "Return-Path", + "value": "alexander@glaztech.com" + }, + { + "name": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "17 Apr 2026 11:19:32.1351 (UTC)" + }, + { + "name": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "name": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "1:00:00:00.0000000" + }, + { + "name": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "name": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "64392b12-2cee-4a9b-97ee-08de9c7332d7" + }, + { + "name": "X-EOPAttributedMessage", + "value": "0" + }, + { + "name": "X-EOPTenantAttributedMessage", + "value": "82931e3c-de7a-4f74-87f7-fe714be1f160:0" + }, + { + "name": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "name": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "name": "X-MS-TrafficTypeDiagnostic", + "value": "MWH0EPF000A6733:EE_|DM6PR03MB5337:EE_|BN7PR03MB3907:EE_" + }, + { + "name": "X-MS-Exchange-Organization-AuthSource", + "value": "MWH0EPF000A6733.namprd04.prod.outlook.com" + }, + { + "name": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "name": "X-MS-Office365-Filtering-Correlation-Id", + "value": "64392b12-2cee-4a9b-97ee-08de9c7332d7" + }, + { + "name": "X-MS-Exchange-AtpMessageProperties", + "value": "HVE" + }, + { + "name": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "name": "X-Microsoft-Antispam", + "value": "BCL:0;ARA:13230040|704162011799003|82310400026|8096899003|55112099003|57112099003|20085499003|19002099003;" + }, + { + "name": "X-Forefront-Antispam-Report", + "value": "CIP:23.94.30.18;CTRY:US;LANG:sk;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:23-94-30-18-host.colocrossing.com;CAT:NONE;SFS:(13230040)(704162011799003)(82310400026)(8096899003)(55112099003)(57112099003)(20085499003)(19002099003);DIR:INB;" + }, + { + "name": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "17 Apr 2026 11:19:31.8283 (UTC)" + }, + { + "name": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "64392b12-2cee-4a9b-97ee-08de9c7332d7" + }, + { + "name": "X-MS-Exchange-CrossTenant-Id", + "value": "82931e3c-de7a-4f74-87f7-fe714be1f160" + }, + { + "name": "X-MS-Exchange-CrossTenant-AuthSource", + "value": "MWH0EPF000A6733.namprd04.prod.outlook.com" + }, + { + "name": "X-MS-Exchange-CrossTenant-AuthAs", + "value": "Anonymous" + }, + { + "name": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "name": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "DM6PR03MB5337" + }, + { + "name": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:03.2755247" + }, + { + "name": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.9818.014" + }, + { + "name": "X-MS-Exchange-ExternalInOutlookResult", + "value": "NotEnabled" + }, + { + "name": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(920097)(930201)(20251009189)(140003);" + }, + { + "name": "X-Microsoft-Antispam-Message-Info", + "value": "VAkAAw1CaUpWdgb1Z2vC4Ozw0UJwBe0G/urL7MAJgjars4mYJ2EhM37b8zUFYbMCpRCEt3DuPeWUVMhv75I793QiruYyx+xwrpwjbKlWreWkRuWppS8jT7qPIW16L3XBrOjvtA6qcicGg+eVHkwd/NIaZr8en+Pf3mAZLt7uUr3sZfg1wP19CmOQlNCB8AxkW4ccRkIdF11tIJmdhlDHsKcGEvyx9dxbvT1pkN95oOpUleM+hyVn331WmbbDLBwXuJwjnOAjpGJE3GjnXtUFHDyhIFmvxh1QZ08tUtLwsJ3gTJwfxHbvIQM4+zFgrXerOCe+dGhglDP4XSt4OCww02dcw5cK9m5FnG/EYPsFJ3Hl4qcUlNdZ1v6ZI2ZrXJ5l5aNc8NZ+hvA4WP7zejSLMZ72ZwT2LAqdOtID1ATOXCD2ofoAZMUWOvbQjKMbu4WdRiQZSmyv1XWOa/UwZetQ5hVBUFYNsm8z9F43m9D0yMriGavRhHrEUt/WlPFxhqAfxPuI0I7+wO8hPW4jA0tb40lNgL8/ZV1eSRZCqSpQ08q62DmmfieoRDShvQbORAmntL6FKDWLMfCI95fEmhu3EZKOJ+hUBO1niKTfGfAs4rXIQiNc9ckR6hc2gBwqbjAH1XbnS2tk09TYsZpf75vVMtgLMkzprpyY8UlE0RKNlx+s2KO2Z5CgX5NGDq6MQZln3M6ffMiZAAhZfWGKXbWyVGn5mix+nSjgV1fsfrp4jFFS/Vr6x8Cqf6ln2JU/vjSTnyZCHC4XMUJB42tL1Bin5y9/8xd0ceRYZnjWkF+maypgR77MO98Jo+5FzFvdrVw240cdx5neJFPvGU1+qwhapzoEvw4IbLF2hYam8NKaXbyHbRyQOJLMYecYantbE9SJT3D6Laqj227reARnVGY+2WFw6kffHfd/Xte3uOpqc6wU4P+GAwQLyXEBoHaf3drWFA07iKA6ewehqnqiltm4lXDXyUZG+huo2qZ6KvyKNvjYdM1gIrgE/zlx+AFmIViUE7PeiCUtsGv6moSBr+w4INwS37s76DXIEfELAbn+dUjEz/qG+BngLUSjhB7bA9W4tlUp/4NsSu8bZvo0YdO8UBKf1y9L5cVs7OmbvOfrWpibZRui/c8tiyTzqGESBOaSGR/rdKYhGqc5I2j7DPVw3uhdBhiBORBNkpqloJu/Xlc/MLBajE+a5iJZNKk/XIwWxnCKUJ0EmexHdf2kY8Pbs8j6TtZIC5B3TbEvCyKYg+GCNts1mKOUjKzdlnbdlJ67uPA+QkxUTBGvBsK0gAYMKVItKRknsZkWtTAmh1hZ63ZuGa/LXQXpkMoc2xicBW95TpxRpaPzs1Ex+2ssJkf3fjkf1eOnWZBgFESJNwK/mNo6fYOr+/UXk9xTxYL0koPeesijEDixxC61b13BcO1u/YJXYGNcBx0jFsP3XxjQbrkA4RdCV+jlkIRWUNVeRPJJyEIYjBrC10Cw8rDERp+4481Al2iU6KyJ0GjYo3HDw4+i2CSBNg4hZw4zip4f6HvlWTjIblH7auIx8sVyTeoHI22PjG9X2hLNxRzXkCO+1Z4=" + } + ], + "body": { + "contentType": "html", + "content": "\r\n

Microsoft-365

Hello Alexander,

Password to your email account expire today on 4/17/2026.

Keep current credential for (alexander@glaztech.com) with the link below.

Keep Same Credential

You are hereby recommended to use above link within 2 hours to activate the current mailbox security system.






 


 


 






 

 

 

 

 

 

 

 

 

 

 

 

 

 

Dobry den Janka,

toto zial uz nevyuzijeme, uz je tych sportovych aktivit na festivale dost vela.

Dakujeme ale za tip

Zora Husar\u010d\u00edkov\u00e1
+421 903 982 448
zora@grapefestival.sk




pi 18. 7. 2025 o 12:44 Hrusovska, Jana <jana.hrusovska@oriflame.com> nap\u00edsal(a):

Dobr\u00fd de\u0148, Zorka,

 

napadla mi e\u0161te jedna ot\u00e1zka -  bolo by pre V\u00e1s ok ak by Jany Landl nato\u010dil pri na\u0161om stanku  svoj trening?

Resp. Mo\u017ce to da\u0165 na r\u00f4znych miestach v r\u00e1mci Grape  - robi Letn\u00fa v\u00fdzvu a nat\u00e1\u010da v r\u00f4znych mest\u00e1ch/miestach Slovenska https://www.instagram.com/reel/DLzAY4gq69v/?utm_source=ig_web_copy_link&igsh=MzRlODBiNWFlZA==

 

Je to len n\u00e1pad. Zatia\u013e som s n\u00edm o tom nehovorila, k\u00fdm nem\u00e1m potvrden\u00e9, \u017ee by to nebol probl\u00e9m.

\u010eakujem za info,

J.

 

From: Zorka Husar\u010d\u00edkov\u00e1 <zora@grapefestival.sk>
Sent: Tuesday, July 15, 2025 4:30 PM
To: Hrusovska, Jana <jana.hrusovska@oriflame.com>
Subject: Re: akreditacia

 

Jasne,

 

co sa tyka poctu vstupov, v ramci partnerstva mate 8 volnych vstupov. Mame to nastavene tak, ze 1000\u20ac partnerskeho plnenia = 1 free listok.

Posielam Vam ich rovno v prilohe.

Nad to mame este produkcne vstupy, ohladom ktorych som vam pisala.

 

Samozrejme, hostesky v areali su ok, len si povedzme ich pocet, kolko by ich malo byt. Cas nechame na vas.

 

z.

 

 

 

 

 

Dobry den Janka,

 

v prvom rade dakujeme za balicky, vsetko v poriadku vcera dorazilo, produkty su super!

 

A za mna teda musim povedat, ze velmi vkusny super rebranding :)

 

Pisem vam aj ohladom akreditacie.

Potrebovala by som od Vas pocty ludi, ktori budu vo Vasej zone pracovne a zaroven pocet parkingov.

Tu su presnejsie instrukcie:

 

\u00b7  nepotrebujem konkretne mena, ale len informaciu o funkcii + pocet ludi + pocet parkingov (napr. hosteska - 4x, produkcny - 2x, parking - 8x)

\u00b7  na zaklade toho vam vygenerujem link, kde si vsetko samostatne vypisete. Mena sa daju upravovat, az do momentu, kedy su ludia opaskovani a v areali

\u00b7  akreditacny mail, ktory vam zaslem obsahuje info aj ohladom miesta akreditacie a casov, kedy je akreditacia otvorena (odporucam sa ist zaakreditovat este vo \u0160TVRTOK, kedze v piatok je na akreditaciach najvacsi naval ludi :))

\u00b7  p\u00e1sky sa vyd\u00e1vaj\u00fa na meno vo\u010di OP na akredit\u00e1ci\u00ed. Ak niekto bude zachyten\u00fd bez p\u00e1sky mus\u00ed si ju okam\u017eite nasadi\u0165. P\u00e1sky nem\u00f4\u017eete distribuova\u0165 \u010falej vo Va\u0161ej skupine, v\u0161etci sa musia \u00eds\u0165 akreditova\u0165 jednotlivo.

\u00b7  otv\u00e1racie hodiny akredit\u00e1ci\u00ed:

 

utorok: 14:00 - 22:00  

streda: 10:00 - 23:00  

\u0161tvrtok: 08:00 - 00:00

piatok: 05:30 - nede\u013ea: 02:00 (nonstop) 

 

Dakujem velmi pekne za doposlanie,

 

Zora

 

Zora Husar\u010d\u00edkov\u00e1
+421 903 982 448

 
" + }, + "sender": { + "emailAddress": { + "name": "alexander@glaztech.com", + "address": "alexander@glaztech.com" + } + }, + "from": { + "emailAddress": { + "name": "alexander@glaztech.com", + "address": "alexander@glaztech.com" + } + } +} \ No newline at end of file diff --git a/clients/glaztech/reports/2026-04-17-phishing-HR-paperwork.eml b/clients/glaztech/reports/2026-04-17-phishing-HR-paperwork.eml new file mode 100644 index 0000000..f6e3260 --- /dev/null +++ b/clients/glaztech/reports/2026-04-17-phishing-HR-paperwork.eml @@ -0,0 +1,163 @@ +Received: from SA6PR03MB7638.namprd03.prod.outlook.com (2603:10b6:806:43a::22) + by MN2PR03MB5184.namprd03.prod.outlook.com with HTTPS; Fri, 17 Apr 2026 + 01:19:42 +0000 +Received: from MW4P221CA0007.NAMP221.PROD.OUTLOOK.COM (2603:10b6:303:8b::12) + by SA6PR03MB7638.namprd03.prod.outlook.com (2603:10b6:806:43a::22) with + Microsoft SMTP Server (version=TLS1_2, + cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Fri, 17 Apr + 2026 01:19:40 +0000 +Received: from MWH0EPF000A672E.namprd04.prod.outlook.com + (2603:10b6:303:8b:cafe::76) by MW4P221CA0007.outlook.office365.com + (2603:10b6:303:8b::12) with Microsoft SMTP Server (version=TLS1_3, + cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.52 via Frontend Transport; Fri, + 17 Apr 2026 01:19:40 +0000 +Authentication-Results: spf=fail (sender IP is 86.38.225.18) + smtp.mailfrom=glaztech.com; dkim=none (message not signed) + header.d=none;dmarc=fail action=none header.from=glaztech.com;compauth=pass + reason=703 +Received-SPF: Fail (protection.outlook.com: domain of glaztech.com does not + designate 86.38.225.18 as permitted sender) receiver=protection.outlook.com; + client-ip=86.38.225.18; helo=[127.0.0.1]; +Received: from [127.0.0.1] (86.38.225.18) by + MWH0EPF000A672E.mail.protection.outlook.com (10.167.249.20) with Microsoft + SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17 + via Frontend Transport; Fri, 17 Apr 2026 01:19:39 +0000 +Content-Type: text/html; charset="utf-8" +From: enrique@glaztech.com +To: +Subject: =?UTF-8?Q?Re=3A_HR_Paperwork_=E2=80=93_Awaiting_Co?= + =?UTF-8?Q?mpletion_Approval_Ref/ID=23=3A_23e3a543a?= + =?UTF-8?Q?6279d8117256740accdf296_8292194852?= +Message-ID: <82091989-0c3c-5ece-f64c-0ab5fcf123f2@glaztech.com> +Content-Transfer-Encoding: quoted-printable +Date: Fri, 17 Apr 2026 01:19:39 +0000 +Return-Path: enrique@glaztech.com +X-MS-Exchange-Organization-ExpirationStartTime: 17 Apr 2026 01:19:40.0428 + (UTC) +X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit +X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 +X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit +X-MS-Exchange-Organization-Network-Message-Id: e4c1cdb9-c98a-4548-26f7-08de9c1f65e2 +X-EOPAttributedMessage: 0 +X-EOPTenantAttributedMessage: 82931e3c-de7a-4f74-87f7-fe714be1f160:0 +X-MS-Exchange-Organization-MessageDirectionality: Incoming +X-MS-PublicTrafficType: Email +X-MS-TrafficTypeDiagnostic: MWH0EPF000A672E:EE_|SA6PR03MB7638:EE_|MN2PR03MB5184:EE_ +X-MS-Exchange-Organization-AuthSource: MWH0EPF000A672E.namprd04.prod.outlook.com +X-MS-Exchange-Organization-AuthAs: Anonymous +X-MS-Office365-Filtering-Correlation-Id: e4c1cdb9-c98a-4548-26f7-08de9c1f65e2 +X-MS-Exchange-Organization-SCL: 1 +X-Microsoft-Antispam: BCL:0;ARA:13230040|704160111799003|20260210001799006|202602250001799009|202602260001799009|5073199012|82310400026|22122799003|7149299003|8096899003|4076899003|56012099003|19002099003; +X-Forefront-Antispam-Report: CIP:86.38.225.18;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(704160111799003)(20260210001799006)(202602250001799009)(202602260001799009)(5073199012)(82310400026)(22122799003)(7149299003)(8096899003)(4076899003)(56012099003)(19002099003);DIR:INB; +X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2026 01:19:39.8671 + (UTC) +X-MS-Exchange-CrossTenant-Network-Message-Id: e4c1cdb9-c98a-4548-26f7-08de9c1f65e2 +X-MS-Exchange-CrossTenant-Id: 82931e3c-de7a-4f74-87f7-fe714be1f160 +X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A672E.namprd04.prod.outlook.com +X-MS-Exchange-CrossTenant-AuthAs: Anonymous +X-MS-Exchange-CrossTenant-FromEntityHeader: Internet +X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA6PR03MB7638 +X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.4803014 +X-MS-Exchange-Processed-By-BccFoldering: 15.20.9818.014 +X-Microsoft-Antispam-Mailbox-Delivery: + ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710137)(4999163)(920097)(930201)(20251009189)(140003); +X-Microsoft-Antispam-Message-Info: + =?utf-8?B?UTNwM2RUYTRyYlpDbmFVMk1nNXg3L2gvZ2ZDQmJYTWdaVGdGT2l5TkNvRGFh?= + =?utf-8?B?MTNtTkN3N2djQnY1aGFzUWZ4bE1VVmM4cmtKR0ljSUpGUk1rQ1ZGdzcyY1hX?= + =?utf-8?B?VkUwOFJGdjZVVGtZWnYweEhPeE1XOE5RZHJ4UGtUTk93K1hVMnYxdHVjUzA2?= + =?utf-8?B?R3ZrZ3NWSkpnWVhxOGRKT0pscGZ2QmhJeG1sVmVZVXVOQTc3VkVrMXJHTU4r?= + =?utf-8?B?ZC8rKzgzZUhTRnJRRXgyckttVlN5NkEzWTlncVFSVG5DNEN0aW9uYk1mZlZi?= + =?utf-8?B?dlEvME9CV0ZxdG9nQkh2MEpqcUpnYzAydGtCQXp0dU13ekhkaW1lTXpJMDZW?= + =?utf-8?B?K3U3djMzUm53UCtyZEV6REdnTE85ZURyUFV6Qld3TFYvNjcrZHJxK0ZLVC9y?= + =?utf-8?B?WXp0VU5IU0FaWGtTTWszdHlBTFNtZ05ZYVF3SDJRM1ZsMTRmSFBQYjczS1Bu?= + =?utf-8?B?OUt3bVg4eENXeVhuL085c001Rm8veWZaRHVRU0dxcUpTWDRaeEZOMXJCZjI3?= + =?utf-8?B?N1ZSSDU1cW9aWjVTNTNkd3ZSNmRrQzlCUktwZ0VHS2hmYU85YVh2WFRSMkpa?= + =?utf-8?B?aHc2YndZUTZDWHV3dlFSSjhPTkpWOTRuSk1yNlMwb3JXdnp3OG9oa21rOVIy?= + =?utf-8?B?d2dqSG0zK2Z4dUNwUUl4Nm8wbVhUZlJCTWdXWDJwR1NBbFlUMzNpcDN3ZHRF?= + =?utf-8?B?RzdZM2hMeW9oSzBiUzlGUklwNHRXb1lhZUtRWHVwdTBhRUl2M1g0TFMyZHkx?= + =?utf-8?B?V3dqa0dzNDl2YlBJeVpKWjF2VkV6S0lJSE1VMHZpK2F2cVJsZzBLNk0rYmxj?= + =?utf-8?B?MFRWYzlzcGpzcTd3Sk1vTndnNTAvK3Z4cSs1elVZLzBMUmduclY2WENubXNQ?= + =?utf-8?B?ak1KTi9iWWN5NFFIbHJQQ2t3VUN5UlA5KzBVaDRHajVqMVF1THQxcFYxeHN0?= + =?utf-8?B?c2Y2UlRKK3k2T3JvQVBmcDJCUnNTMVJ0a1A5RHJOUHNwdlBtZXcycWNrRzRD?= + =?utf-8?B?Vmp5ajZTNnQxWUN5b3NSVUM1ZXNrMUtMT3B5N3NLQnpuQ0NKcVV3MDN3dlJL?= + =?utf-8?B?Z1NITGxFYW5zQ1NmNno5cmlGSnNreUdtWmVQNDhBYXFUTW5WNFJScnEwenVN?= + =?utf-8?B?aTQ5TmxhbkwydU90NVZ0U1RrcElaZldmUjFIRzVUa2FGZDhoUlVSeStZSHlE?= + =?utf-8?B?N3Q1OEh0WTlNZGZ5SVVDZzJLZXB4SVpKZzdQQWVteTMzd011ckZwZGRBWmhU?= + =?utf-8?B?b3ptN0g0NGpDWVgralNTb2xnU2dMa21xNjBPRm93cmo1YWRLVnllNlpMMWx4?= + =?utf-8?B?aHNGNHU4LzNMRFkwWm9MS2VJd0JSOE1hSEdXRmo3WGxRSVM1Qk5EZ1VkYWFs?= + =?utf-8?B?STdRZVVhV1ZGK1RycEQrckh5YzBZbHNESmVCaWx5WllZYzBYa2VHMVNjWE1s?= + =?utf-8?B?K3NkK0prZ1FjRVA0bmMzbGZRVS9uU3Fkc0dwc3VzUVVCQ2pBeEg4eVBvTEJW?= + =?utf-8?B?QkIrTGNyMTVGb3ZiMVNYbWJ6RExaZWdIME5oV0d4aks4alFKUDc0bDdNRjA5?= + =?utf-8?B?Tjk0UTlTMXBRUDIwN0lHaFdUWlpUV2piR1JkZDcrQkgwSnlMYTF0dTlkYzk5?= + =?utf-8?B?aU5HOEFQN01Vdmp1eWM1eTVsekxUTDE0aytrT0pFMFdWNlhSWkdMWGJSQ1FB?= + =?utf-8?B?aXBpQUIrRHUvS3RjOTZUMlNiaTBOSEFINkkrSERFU1NNcFJsMmFSM0lZK1dZ?= + =?utf-8?B?NzFoakJaZnpIL1d1Z2l4LzNHQU5yLy9ZNEpmM0tVQXByaGc0Mm5qRWdqajZn?= + =?utf-8?B?emNuR2pyZkVqVytkaDF4cU9Jd3FudUtmTTdJVXRCYmRQVDh0dzIxSjFVaU10?= + =?utf-8?B?cUplUU1wTUp3UEJRNUNRYVNNaHRGaWJaamt0elhsWmJ5a1Z5WUVvaGJGTm9p?= + =?utf-8?B?aGhxTlUzcjJZNnBZTWdmWmIrZ3AvbVpURXRaRnVpRTlLWXJTQnl2a3piQy95?= + =?utf-8?B?b2RaRGY5YUw2cUgxMEZxemg1dkl2ZmhXUm9QdmlBSjlpQmNGSFRKMGU3OWlO?= + =?utf-8?B?UTJOdEZBbTk3a2JlVldyQzMzZlIyUjhVeTB0TzRGaldxcUkxT2RZbHNSellB?= + =?utf-8?B?ci95M3V5S1pXSUpIVlRKdXJMQmpzUXVaZHdlYmN4TmFBNGVaL3pWbmsvcVAy?= + =?utf-8?B?U1BTWnJYazA3QXpwdm1qZGlrMGV1UTlPUDZVK2Q2YmgxS1BBRkRIQmVJTmZj?= + =?utf-8?B?WVJWQ2FqbXNKOVMycGE1cS93NktnPT0=?= +MIME-Version: 1.0 + + +
3D""

Hi Enrique glaztech.com has sent you a document to review.

Enrique Bonus Q2_8292194852 (AP)= +.pdf. Shared by hr@glaztech.com.

View Do= +cument
+ diff --git a/clients/glaztech/reports/2026-04-17-phishing-delete-list.json b/clients/glaztech/reports/2026-04-17-phishing-delete-list.json new file mode 100644 index 0000000..63ad72f --- /dev/null +++ b/clients/glaztech/reports/2026-04-17-phishing-delete-list.json @@ -0,0 +1,32 @@ +[ + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtJAAA=", + "Fw: ATTN : MaiIbox Password Login Expire today, 4/17/2026 - " + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAABeKKO0aPI-QbCbxBC9WbLMAAAgufgkAAA=", + "RE: ATTN : MaiIbox Password Login Expire today, 4/17/2026 - " + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAABeKKO0aPI-QbCbxBC9WbLMAAAgufglAAA=", + "FW: ATTN : MaiIbox Password Login Expire today, 4/17/2026 - " + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtpAAA=", + "RE: ATTN : MaiIbox Password Login Expire today, 4/17/2026 - " + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmwAABeKKO0aPI-QbCbxBC9WbLMAAGMOqoYAAA=", + "Fw: ATTN : MaiIbox Password Login Expire today, 4/17/2026 - " + ], + [ + "seastman@glaztech.com", + "AAMkADE2ZWQxNTRiLTU0MmEtNDUzZi04YTJhLTFhZGY4OTJkM2VkMQBGAAAAAADPsBKOi2yPR7MWeEcmEyCYBwC2Dl0BExD9Q4vMdTx506HpAAALQUmuAABeKKO0aPI-QbCbxBC9WbLMAAGMOWtrAAA=", + "RE: ATTN : MaiIbox Password Login Expire today, 4/17/2026 - " + ] +] \ No newline at end of file diff --git a/clients/glaztech/reports/2026-04-17-phishing-incident-report.md b/clients/glaztech/reports/2026-04-17-phishing-incident-report.md new file mode 100644 index 0000000..1078423 --- /dev/null +++ b/clients/glaztech/reports/2026-04-17-phishing-incident-report.md @@ -0,0 +1,192 @@ +# Glaztech Industries — Phishing Incident Report + +**Date:** 2026-04-17 +**Reported by:** Seastman (via support ticket) +**Investigated by:** Mike Swanson (AZ Computer Guru) +**Tenant:** glaztech.com (82931e3c-de7a-4f74-87f7-fe714be1f160) + +--- + +## Executive Summary + +Multiple phishing emails bypassed Glaztech's MailProtector spam filter by connecting directly to Microsoft 365's mail endpoint. The messages spoofed internal Glaztech employees and were forwarded internally by multiple staff. Root cause was a secondary MX record in DNS that exposed the M365 endpoint, combined with a permissive DMARC policy (p=none) that allowed spoofed messages through. + +All phishing messages have been purged. Three defensive layers have been applied to prevent recurrence. + +--- + +## Attack Details + +### Campaign 1: "Mailbox Password Expiry" + +| Field | Value | +|---|---| +| Subject | `ATTN : MaiIbox Password Login Expire today, 4/17/2026 - 709f6f1afea353ee...` | +| Spoofed From | alexander@glaztech.com | +| Actual Sender IP | 23.94.30.18 (ColoCrossing VPS, `23-94-30-18-host.colocrossing.com`) | +| Delivery Path | Direct to `glaztech-com.mail.protection.outlook.com` (bypassed MailProtector) | +| SPF | FAIL (23.94.30.18 not authorized) | +| DKIM | None (message not signed) | +| DMARC | FAIL (policy was p=none, no enforcement) | +| SCL | 1 (M365 did not flag as spam) | +| Composite Auth | pass, reason=703 | +| Content Language | Slovak (sk) | +| Obfuscation | "MaiIbox" — uppercase I instead of lowercase L | + +**Internal spread:** Alexander received the original → forwarded it → seastman replied → dominic replied. 5 total copies in Alexander's mailbox, 13 copies total across 3 users. + +### Campaign 2: "HR Paperwork Approval" + +| Field | Value | +|---|---| +| Subject | `HR Paperwork – Awaiting Completion Approval Ref/ID#: ` | +| Spoofed From | enrique@glaztech.com | +| Actual Sender IP | 86.38.225.18 (PTR: InfoDomainNonexistent) | +| Delivery Path | Direct to `glaztech-com.mail.protection.outlook.com` (bypassed MailProtector) | +| SPF | FAIL (86.38.225.18 not authorized) | +| DKIM | None (message not signed) | +| DMARC | FAIL (policy was p=none, no enforcement) | +| SCL | 1 (M365 did not flag as spam) | +| Composite Auth | pass, reason=703 | +| Content Language | English | + +Multiple unique Ref/ID hashes used across messages — each recipient received a unique tracking hash (phishing kit behavior). Heavily forwarded internally across 7 users. + +--- + +## Root Cause Analysis + +### Why the messages got through + +1. **Direct MX bypass.** DNS had two MX records: + - MX 5: `glaztech-com.inbound.emailservice.io` (MailProtector — correct) + - MX 10: `glaztech-com.mail.protection.outlook.com` (M365 direct — the bypass) + + Spammers intentionally skipped MX 5 and connected directly to MX 10, completely bypassing MailProtector's spam filtering. + +2. **No DMARC enforcement.** DMARC was set to `p=none` (monitor only). Despite SPF FAIL and no DKIM, M365's Exchange Online Protection (EOP) did not reject the messages because DMARC policy said "take no action." + +3. **Composite Authentication false positive.** M365's `compauth=pass reason=703` indicates "implicit allowed sender" heuristic — EOP trusted the messages despite explicit authentication failures. This is a known EOP behavior when DMARC policy is permissive. + +4. **Inbound connector misconfigured.** The existing "Inbound Spam Filter" connector had no IP restrictions (`SenderIPAddresses: []`, `RestrictDomainsToIPAddresses: false`) and no Enhanced Filtering — EOP could not distinguish direct-to-M365 traffic from MailProtector-relayed traffic. + +### Why MailProtector didn't help + +MailProtector was correctly configured as MX 5 and would have filtered these messages. The spammers simply bypassed it by connecting to MX 10 instead. + +--- + +## Remediation Actions + +### Immediate (completed 2026-04-17) + +| # | Action | Status | Effect | +|---|---|---|---| +| 1 | Removed MX 10 record from DNS (IX server) | Done | MailProtector is now the ONLY MX. Spammers cannot discover the M365 endpoint via DNS. | +| 2 | Updated DMARC from `p=none` to `p=reject; sp=reject` | Done | Spoofed glaztech.com messages are now rejected by any receiving server (including M365 itself). | +| 3 | Enabled Enhanced Filtering for Connectors (EFC) on inbound connector | Done | EOP now evaluates the original sender IP (not MailProtector's IP) for spam scoring. | +| 4 | Purged all phishing messages from all affected mailboxes | Done | 32 messages deleted across 8 users. | +| 5 | Saved forensic copies of both campaigns | Done | `.eml` + `.json` in `clients/glaztech/reports/`. | +| 6 | Onboarded Glaztech to remediation tool (admin consent + Exchange Admin role) | Done | Future investigations/cleanups can be performed remotely via Graph API. | + +### DNS changes (IX server, PowerDNS) + +**Zone file:** `/var/named/glaztech.com.db` +**Backup:** `/var/named/glaztech.com.db.bak-20260417` + +| Record | Before | After | +|---|---|---| +| MX | `5 glaztech-com.inbound.emailservice.io` + `10 glaztech-com.mail.protection.outlook.com` | `5 glaztech-com.inbound.emailservice.io` only | +| _dmarc TXT | `v=DMARC1;p=none;sp=none;...` | `v=DMARC1;p=reject;sp=reject;...` | +| Serial | 2026041001 | 2026041702 | + +### Exchange Online changes + +**Connector:** "Inbound Spam Filter" (ID `e868b1f3-e60b-40cf-b304-203d81eee6f5`) + +| Setting | Before | After | +|---|---|---| +| SenderIPAddresses | [] | [] (unchanged — IP restriction causes calendar failures) | +| RestrictDomainsToIPAddresses | false | false | +| EFSkipIPs | [] | `["162.248.93.233", "162.248.93.81", "65.113.52.82"]` | + +Note: IP restriction on the connector was intentionally NOT applied because it blocks legitimate calendar invites from external M365 tenants (learned from Dataforth incident). + +--- + +## Messages Purged + +### Campaign 1: "ATTN Mailbox Password" — 13 messages + +| User | Copies | Types | +|---|---|---| +| alexander@glaztech.com | 5 | Original + Fw + RE + Fw + RE | +| seastman@glaztech.com | 6 | Fw + RE + FW + RE + Fw + RE | +| dominic@glaztech.com | 2 | Fw + RE | + +### Campaign 2: "HR Paperwork Approval" — 19 messages + +| User | Copies | +|---|---| +| seastman@glaztech.com | 7 | +| jack@glaztech.com | 4 | +| dominic@glaztech.com | 4 | +| bryce@glaztech.com | 1 | +| cesar@glaztech.com | 1 | +| daryld@glaztech.com | 1 | +| holly@glaztech.com | 1 | + +**Note:** seastman@glaztech.com message from mike@azcomputerguru.com (our ticket reply) was NOT deleted. + +--- + +## Would the fixes have prevented these attacks? + +| Fix | Campaign 1 (Mailbox) | Campaign 2 (HR Paperwork) | +|---|---|---| +| **MX removal** | YES — spammer found endpoint via MX 10 | YES — same bypass method | +| **DMARC p=reject** | YES — SPF failed, DKIM missing | YES — same auth failure | +| **EFC** | No (mail didn't flow through MailProtector) | No (same) | +| **Both fixes together** | Blocked at 2 independent layers | Blocked at 2 independent layers | + +--- + +## Recommendations + +### Completed +- [x] MX 10 removed +- [x] DMARC tightened to p=reject +- [x] Enhanced Filtering enabled on connector +- [x] All phishing messages purged +- [x] Remediation tool onboarded for future investigations + +### Recommended follow-up +- [ ] Security awareness training for staff — multiple employees forwarded and replied to obvious phishing +- [ ] Review if any user clicked links in the phishing messages (check sign-in logs for suspicious auth attempts) +- [ ] Consider adding DKIM signing (DKIM CNAME records exist for selector1/selector2 but should verify they're active in M365) +- [ ] Monitor DMARC aggregate reports (rua=noreply@glaztech.com — should be a monitored mailbox or DMARC reporting service) +- [ ] Verify MailProtector configuration is optimal (separate from this M365 investigation) + +--- + +## Forensic Evidence Preserved + +| File | Contents | +|---|---| +| `2026-04-17-phishing-ATTN-mailbox-password.eml` | Full MIME of Campaign 1 original (18,935 bytes) | +| `2026-04-17-phishing-ATTN-mailbox-password.json` | Headers + body of Campaign 1 as JSON | +| `2026-04-17-phishing-HR-paperwork.eml` | Full MIME of Campaign 2 original (11,392 bytes) | +| `2026-04-17-phishing-incident-report.md` | This report | + +--- + +## Credentials / Access Used + +- **Remediation tool:** ComputerGuru - AI Remediation (App ID fabb3421-8b34-484b-bc17-e46de9703418) +- **Tenant:** 82931e3c-de7a-4f74-87f7-fe714be1f160 +- **Roles granted:** Exchange Administrator (on service principal) +- **DNS:** IX server (172.16.3.10), root access via SOPS vault + +--- + +*Report generated 2026-04-17 by Claude Code (AZ Computer Guru automated remediation tooling)*