emails_filled.json

{
  "emails": [
    {
      "category": "credential_theft",
      "subject": "Important: Action Required to Restore Secure Access to Your Corporate Account",
      "body": "Dear User,\n\nWe are conducting an urgent security review of all corporate accounts following a recent update to our identity and access management platform. Our monitoring systems have detected irregular sign\u2011in behavior associated with your profile, and, as a precaution, your account has been placed into a limited\u2011access state.\n\nUntil you complete the security verification process, certain services \u2013 including email synchronization, shared file drives, and remote VPN connections \u2013 may be intermittently unavailable. This measure is intended to protect your data and prevent unauthorized use of company resources.\n\nTo re\u2011enable full access, you must validate your credentials and confirm that the recent activity originated from you. Please complete the secure verification procedure within the next 24 hours:\n\n1. Click the secure verification link below from a desktop or laptop computer.\n2. Sign in using your current corporate username and password.\n3. On the next screen, re\u2011enter your password to confirm ownership of the account.\n4. Review the recent sign\u2011in sessions shown and select \u201cThis was me\u201d or \u201cThis was not me\u201d as appropriate.\n\nSecure Verification Portal:\nhttps://access\u2011review.example.com/secure/login\n\nIf you do not complete this required step within 24 hours, your account may remain restricted and you could lose access to important internal resources, including time\u2011sensitive messages from leadership and payroll notifications. Completing the verification takes only a few minutes and helps us ensure that your credentials have not been compromised.\n\nThis automated message is part of our enhanced security initiative. Do not forward this email externally. If you believe you have received this message in error, or if you have any difficulty accessing the verification portal, please contact the internal security desk using the phone number listed on the company intranet rather than replying directly to this email.\n\nThank you for your prompt attention to this matter and for helping us maintain a secure working environment.\n\nSincerely,\nCorporate Security Operations Center"
    },
    {
      "category": "bec_fraud",
      "subject": "CONFIDENTIAL \u2013 Immediate Assistance Needed on Vendor Remittance (Do Not Forward)",
      "body": "Hi Sarah,\n\nI am boarding now for the long\u2011haul flight to Singapore and will have very limited connectivity once we are in the air. Before I lose signal I need you to help me finalize an urgent payment related to the Apex Horizons acquisition. Legal is still drafting the public communications, so this must remain strictly confidential between us and Finance for the moment.\n\nWe have agreed to settle an outstanding onboarding fee with one of the advisory vendors that supported the preliminary negotiations. This is time\u2011sensitive and needs to be cleared today so that our counterparts in Asia can release the final documentation before their close of business. I do not want this held up because of internal processing delays.\n\nPlease work directly with the vendor\u2019s accounts officer on this so you don\u2019t get bogged down in the usual approval cycles. They have been instructed that you are acting on my direct authority for this transaction. Use the updated settlement account they provided this morning and ensure that Treasury processes it as a same\u2011day international wire.\n\nBeneficiary: Silver Crest Advisory Pte. Ltd.\nBank: Eastern Capital Bank\nSWIFT: ECBLSG22\nIBAN: SG89 2234 9988 0011\nReference: AHA\u2011Onboarding\u2011Fee \u2013 Confidential\nAmount: USD 184,700.00\n\nI need a payment confirmation and copy of the wire advice emailed to their accounts officer as soon as this is released so they can keep their team on standby. Do not copy anyone else on that message; I will brief the rest of the leadership group after I land and once the acquisition news is ready to share.\n\nIf Compliance asks questions, let them know this is related to \u201cProject AHA\u201d transition costs and that we are processing under my delegated signing authority. There is no time to loop in the full review committee today.\n\nPlease treat this as your top priority this afternoon and keep me updated by replying directly to this thread. I will check email intermittently from the aircraft but may not be reachable by phone.\n\nThanks for moving quickly on this.\n\nMark\nGroup CEO"
    },
    {
      "category": "invoice_fraud",
      "subject": "Re: Updated Billing Details and Overdue Invoice \u2013 Action Required Today",
      "body": "Dear Accounts Payable Team,\n\nI hope this message finds you well. We are writing in reference to the outstanding balance on your account relating to recent maintenance and support services provided by Northshore Facilities Group. Our records show that invoice NS\u20114739, originally issued last month, remains unpaid despite the net\u201130 terms that were agreed in the service contract.\n\nAfter a routine internal audit, we identified that our banking partner has completed a migration of several legacy corporate accounts to a new treasury platform. As part of this process, the settlement account that appears on your original invoice is now restricted for inbound payments, and any transfers sent there may be automatically rejected or substantially delayed.\n\nTo avoid issues with payment reconciliation and ensure that your account continues to reflect good standing, we have attached a revised copy of invoice NS\u20114739 showing our updated remittance details. Please discard the previous version and update your vendor master records to use the new account information going forward for all invoices issued by Northshore Facilities Group.\n\nUpdated remittance details:\nBeneficiary: Northshore Facilities Group\nBank: Continental Commercial Bank\nAccount Number: 442918003\nRouting Number: 02600940\nPayment Reference: NS\u20114739 / Facilities Maintenance\n\nKindly arrange for settlement of the outstanding amount within the next two business days and confirm by replying to this email with the payment date, reference used, and remitting bank. If payment has already been initiated to the prior account, please inform us immediately so that we can coordinate with our treasury team to trace and correctly allocate the funds.\n\nAs a valued client, your timely response will help us avoid any interruptions to scheduled maintenance visits, emergency on\u2011call coverage, or compliance inspections at your sites. If your internal policy requires a formal vendor change notice, please let us know and we will provide the necessary documentation.\n\nThank you for your prompt attention to this matter.\n\nBest regards,\nMelissa Carter\nAccounts Receivable\nNorthshore Facilities Group"
    },
    {
      "category": "tech_support",
      "subject": "Service Ticket Update: Unusual Activity Detected on Your Workstation \u2013 Verification Needed",
      "body": "Hello,\n\nThis is an automated follow\u2011up regarding the background security ticket that was opened for your workstation after last night\u2019s scheduled network maintenance. Our endpoint protection system flagged a series of unusual configuration changes originating from your device that require manual review.\n\nSpecifically, we observed repeated connection attempts from your workstation to external hosts that are not part of our approved business services list, along with changes to certain local policies that control how updates are applied. While these events may be the result of legitimate software activity, we are required to validate them and confirm that your system remains compliant with corporate standards.\n\nTo streamline this process and minimize downtime, we have initiated a quick remote diagnostic workflow. Please follow the steps below from the affected workstation within the next 4 hours so that we can complete the verification before the automated lockout policy is triggered:\n\n1. Save any open work and close all applications that are not currently in use.\n2. Open your web browser and navigate to the secure support console using the link below.\n3. When prompted, sign in with your usual network username and password.\n4. Click \u201cAuthorize Diagnostic Session\u201d to allow the support agent to collect configuration logs and run standard integrity checks.\n\nSecure Support Console:\nhttps://support\u2011console.example\u2011desk.com/session\n\nOnce you have completed these steps, the remote diagnostic will run in the background and should only take a few minutes. You may continue to work during the scan, but you may notice a brief slowdown while the integrity checks are performed. If potential issues are found, a technician will follow up with you directly using the contact details associated with your profile.\n\nIf you are unable to access the secure support console from the affected workstation, please attempt the process from another device and indicate this in your response so we can adjust the verification workflow accordingly.\n\nThank you for helping us keep our systems secure and compliant.\n\nIT Service Desk"
    },
    {
      "category": "malware_delivery",
      "subject": "Scanned Documents from Main Office Copier \u2013 Review Before 5:00 PM Today",
      "body": "Team,\n\nThe front office completed a bulk scan of the signed onboarding and compliance forms that were dropped off this morning. Because several of these documents contain sensitive personal and contractual information, we are circulating them internally for review and confirmation before they are archived.\n\nTo keep the file size manageable and avoid clogging the mail gateway, the scan batch has been compiled into a compressed archive. The archive is stored on the shared document relay and is accessible only to recipients of this message. You will need to download and open the archive to view the individual PDF files.\n\nPlease follow the steps below prior to 5:00 PM today:\n\n1. Click the document relay link below from a company\u2011issued workstation.\n2. When prompted, select \u201cDownload\u201d to save the archive to your desktop.\n3. Double\u2011click the downloaded file and choose \u201cExtract All\u201d to unpack the contents.\n4. Open the PDFs relevant to your department and verify that all pages have been signed and initialed where required.\n\nDocument Relay Link:\nhttps://docs\u2011relay.comp\u2011share.com/archive/Onboarding_Packet_Q2\u2011review.zip\n\nIf you receive any warning prompts during the download or extraction process, select \u201cAllow\u201d or \u201cRun Anyway\u201d so the file can be opened. These prompts are expected because the archive contains multiple embedded files and is larger than the usual email attachment limit.\n\nOnce your review is complete, please reply to this email confirming that your required documents are present and correctly signed. If you notice any discrepancies or missing forms, flag them in your response so that HR can follow up with the new hires.\n\nThank you for your timely review.\n\nAdministrative Services"
    }
  ]
}