Question for you. There is a "locked lock" icon next to the sender in proton mail. Was this ICON next to the sender when tntline would send emails? Or was it an open lock?
I Would set up a signature on protonmail first and foremost having them change their passwords and setup 2FA. These scams work because the CUSTOMERS email is compromised. Everyone should immediately change their passwords, and enable 2fa. As well as go to SETTINGS>Security>Session management (right corner) and make sure there are no malicious log ins, and if so revoke them.
Next remind people to verify the email address they are communicating with, as well as things like any other red flags. ie changing btc addresses, unlocked lock icon, etc, etc.
For the last 2 months my signature has been as follows in an attempt to wan people of this stuff. I started to notice a sharp increase in compromised emails, as well as the pattern of people re-using forum passwords, on their emails.
These scammers/hackings really make a strong case for using PGP for all communication. This kind of scam can't work if both parties are encrypting their own messages.
S-