I just launched my startup and I got an email the other day telling ME that open enrollment for benefits has started and I need to send information by clicking the attachment.

We don't offer benefits. 😬

They had the company logo in shitty res as the signature.

Kind of curious to see what the HTM attachment was tho. It's obviously a phish. 🎣

I really do not understand why solutions like PGP are not common practice for email nowadays?! This should have happened alongside the push for SSL a few years back.

Is it possible for a business to simply do not offer email as a way of communication? Sure, scammers will always find a way, but it takes time to adapt and in the meantime there are lots of other fish in the sea..