I think there was a major attempt at phishing before Christmas - turns out at least two people I know fell for it, after which all their emails and contacts in the TT email system were deleted, and in one case a filter was applied so that any emails arriving were redirected. This meant that the person then lost access to Facebook briefly, and begging emails were sent supposedly from the targetted address with a reply-to of a different one, with a similar username but different domain. We know of requests to buy Amazon and Air BnB vouchers.
We did manage to get back into the accounts, and throw other logged in machines out and get control back. I then got the person to set up MFA as well, which is a problem as some older people don't understand how to properly secure their systems.