Missing details – real leaks often include recent transactions or bank names. Fake ones usually don’t. Patterns – like card numbers going up in order, or emails like bob1@gmail, bob2@gmail, etc.

If a third-party is breached corporate email address users are at risk. Email addresses are useful for all sorts of attacks that could be mounted against an organisation: Credential stuffing. This is ...