Not the same thing, but relatedly, every legit email I receive from my health insurance is functionally indistinguishable from phishing. They always bounce me through a million weird domains too. It's very discomfiting and makes me worry that I won't be able to pinpoint a legit phishing attempt because it won't stand out.
In the same vein, every corporate "security training" email I've received that's been outsourced to a third party vendor looks indistinguishable from spam and phishing, the exact things it goes on to train you not to open. I scare-quote that because they're universally worthless training programs used to tick boxes on compliance forms and not actual training, so I happily flag them as spam.
I've also received company-wide corporate gifts (like $5 digital gift cards) distributed through extremely spammy looking vendors with dubious looking links.
The same goes for the overwhelming majority of vendors, recruiters, and outsourcing companies that are cold-emailing me, it all looks like 50 shades of scam.
Yes, this! I had an email from a 3rd party telling me about required training: click the link and use my employee credentials to log in.
Other training has been posted as a to-do in our individual HR account portal, and this was an external site, so it set off warning flags. Not only that, the name of the 3rd party was a legit company, but the site the email linked to was not that company's domain. Big red flag! Curious as I am, I ran whois on both domains. Completely different registration info!
So, confident I've identified a phishing attempt and concerned it might have been shotgunned to many people, I notify the appropriate people. Was it a scam? Nope! In fact the person I notified was quite frustrated because a month earlier there had been an email that, sometime in the future, there would be $X training coming up. Yeah, a month later I had no recollection of a generic HR notification that (when I looked in my archive) made no mention that it would not be using the standard secure MFA HR portal used to link out to all other training.
This was all about 4 months after a similar required security training, which was accessed via the usual HR portal, and which listed about half a dozen phishing red flags that the new training violated. But not to worry, my workplace takes security seriously. I guess their seriousness is just very unevenly distributed. It's a good thing we're not really a high value target for hackers.
The weird domain stuff is something related to SSO I feel, and it is HIGHLY indistinguishable from phishing.
So all the "just be smarter" talk from ten years ago about checking your domains, etc is out the window. scammerbillz.biz is ACTUALLY your hospital billing service, too bad.
I love the weird domains - billing is sometimes outsourced through x redirections, and they use weird third-party email hosts (CISCO secure email etc.) that are halfway broken with CSS for you to upload your employee rosters (complete with socials and DOBs etc.).
The domains for these are always comically like phishing domains (secure-bank-email.valimail.com etc.).
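Added example, not posted by anyone in the thread: the check the training-email commenter did by hand ("the named vendor is a legit company, but the linked site is not that company's domain") and the host pattern in the last comment (secure-bank-email.valimail.com lands on valimail.com, not the bank), written as a link audit that runs offline on a constructed sample message. The sender, vendor and link domains in the sample are made up, the vendor's "real" domain is an assumed input, and the public-suffix handling is a deliberate simplification; a real tool should use the Public Suffix List (for instance via the `tldextract` package). The whois comparison from the post needs network access and is not reproduced here.

```python
"""Offline link audit for a suspicious "training" email.

Added example, not from the original thread.  All domains below are
fictional and the vendor's legitimate domain is an assumed input.
"""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body.  The sender is hr@example-corp.com, the text names a
# fictional vendor "Example Training Co" whose real domain is assumed to be
# exampletraining.com, and two of the three links go somewhere else.
SAMPLE_EMAIL = """
<html><body>
<p>Required security training from our partner Example Training Co is now open.</p>
<p><a href="https://exampletraining-lms.net/login">Example Training Co login</a></p>
<p>Use your SSO: <a href="https://example-corp.com.portal-login.net/sso">https://portal.example-corp.com</a></p>
<p>Other courses remain in the <a href="https://portal.example-corp.com/training">HR portal</a>.</p>
</body></html>
"""

# Simplification: only a few two-label public suffixes are known here, enough to
# show why "last two labels" alone is wrong.  Use the Public Suffix List in practice.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# A hostname or URL appearing in the *visible* link text.
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")


def registrable_domain(host: str) -> str:
    """Return the registrable (apex) domain of a hostname,
    e.g. secure-bank-email.valimail.com -> valimail.com."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html: str, sender_domain: str, vendor_domains: list[str]) -> list[dict]:
    """One finding per link that lands outside the sender's or any named vendor's
    registrable domain, or whose displayed URL disagrees with its real href."""
    parser = LinkExtractor()
    parser.feed(html)
    trusted = {registrable_domain(d) for d in [sender_domain, *vendor_domains]}
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname
        if not host:
            continue  # mailto:, relative links etc. are out of scope here
        actual = registrable_domain(host)
        reasons = []
        if actual not in trusted:
            reasons.append(f"lands on {actual}, not one of {sorted(trusted)}")
        shown = HOST_IN_TEXT.search(text.lower())
        if shown and registrable_domain(shown.group(1)) != actual:
            reasons.append(f"displayed host {shown.group(1)} differs from real host {host}")
        if reasons:
            findings.append({"href": href, "text": text, "registrable": actual, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL, "example-corp.com", ["exampletraining.com"]):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run as-is, the audit flags the two links that land on domains belonging to neither the employer nor the named vendor, and additionally notes that the second link's visible URL is not where it actually goes. The catch the thread is making is that a genuine outsourced training or billing mail produces exactly the same findings, so this check can only tell you that something needs verifying out of band, not that it is a scam.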