All systems show clean by Malwarebytes, Vipre, online testers, etc.
Mail server (Windows Server 2008 R2) same
Phone - clean
Minimal online presence, no social media use, no FB, no Google/Gmail account (not on my phone either), no Verizon syncing on my phone, no syncing at all except to my personally run server for my mail.
Samsung S8 Rooted w/ DroidWall, 95% of things locked down, no Play Store, minimal apps.
Problem: Search a topic, next day (or a few days depending) scam/fake email shows up about that topic.
I want to know what tools, techniques, methods, forensic investigations I can do to track down the leak.