"We have detected a login attempt to your NetSuite account" is the content of an email that looks like a phishing attempt. The link inside the email takes me to a non-netsuite Netsuite login page. Normally I would ignore it but this email is a Netsuite generated email coming from a specific account in the header : X-NetSuite: c=4320xx; s=a239.prod.phx.na7.core.ns.internal; I receive it to two of my unique email addresses. I am going to log it to Netsuite as I haven't had any relationship to the account 4320... Has anyone else seen a similar email? The full email text is as follows: Login Confirmation Dear User, We have detected a login attempt to your NetSuite account. To ensure the security of your account, we request that you confirm this login and verify your security questions. If you recently attempted to log in, please click the button below to confirm your login and check your security information. Confirm Login (link removed) If you did not initiate this login attempt, please ignore this email or contact our support team immediately. © 2024 NetSuite. All rights reserved. This message was sent automatically. Please do not reply to this email.

thats deadly. Users are bound to click that one

Netsuite responded to my support case and apparently have contacted the admins of the accounts that were originating the phishing emails. Today I received another attempt but this email did not originate from NS infrastructure. It's a good reason that everyone should be using 2FA as a minimum.