Hi,
There are always the same paters for mail attacks.
most of the stupid one are ocmming in the same way ---
Same attachment name or a name that can be catched using regex to a number of mail addresses in your organization in a small period of time.