It can be difficult to filter an E-mail message, based on the wording in the E-mail.

Sample:

To: Recipients <direcciondedeportes@cerrolargo.gub.uy>
From: "Isabel Rosa " <direcciondedeportes@cerrolargo.gub.uy>
Date: Sun, 07 Feb 2021 13:00:30 -0800
Reply-To: charleswjacksonjunior12@gmail.com

Congratulations. $1, 000, 000 dollars was donated to you by Mr Charles W Jackson Jr, Kindly respond for more details to enable you to claim the 1,000,000.00 dollars that was donated to you Charles W Jackson Jr.

In this case:

1. the E-mail really did originate from a (compromised?) E-mail ID of a government of Uruguay employee.
2. the ID in the "Reply-To:" tag is distinctly different from the ID in the "From:" field.
3. bad punctuation -- a "comma" instead of a "period" before "Kindly".
4. bad grammar -- "you by Mr Charles" used once, and "you Charles" used once.
5. no mention of "widow" of "African prince" with "millions" in a "suspense account".
6. no mention of "please contact my solicitor".
7. no reference to "shortened-URLs", e.g., http://bit.ly/spammers_tag_goes_here

So, it has some elements that are found in a "spam" E-mail, and it is missing some elements.

A friend has told me that their E-mail was "hacked", and I suspect that all their E-mail "contacts" were "harvested" by the spammers, including my E-mail ID. That made me a target for "spoofed" E-mail -- using a falsified "From:" line to reference my friend's ID, and the message was sent to my E-mail ID. The message was "I am travelling in Europe, and have lost my credit-card and passport. Send money, urgently".

That’s what I suspect.
Something has changed as it is a day and night difference.

Yep, junk mail filter has been letting a lot of spam through lately.   A lot more than before.  Something has changed.  

@kayos -- Something has changed.  

Spammers have their own work-schedule, including "uptime" and "downtime".  So, I think that it is possible that spammers are now "awake" (post-Xmas, post-SuperBowl-55, post-Xmas-on-the-beach in the southern hemisphere) and are generating more output.

Here's a screen-capture of messages received over the recent weekend:

Shaw's filters tagged 1 out of these messages -- a typical "advance-fee" fraudulent scheme.

Note the spurious "apostrophe" -- inserted to avoid matching "spammy" words.

Note that the spammer(s) did not include anything in the "body" of each message -- nothing for a spam-filter to pattern-match against. Their mistake!

Actually, my comment about an empty "body" of the spammer's E-mail was not correct.

Instead, probably due to hand-crafting of the E-mail message, the markup for MIME-encoding is incorrect:

Content-Type: text/html;charset="utf-8"
Content-Transfer-Encoding: base64
X-CMAE-Envelope: MS4xfKygQDqDxzhgOI/ukUKpxb1m+UCfa9JuI33Ecierj6ZbB4sPvZ386s2wj633965CQSIimQubhllTUZDCFGmPgg48h/VyFPrw1LKGCrSza80i8EibbSSP
SpdX9stX58duh7QVu19S5J9Uc06FCkBiSkq6Wt2g7LdTlO3SKFtfE5zDEgRVgGIFrzNPHYS+sxJ2Ow==

PGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6MS43O2NvbG9yOiMwMDAwMDA7Zm9udC1zaXplOjE0cHg7
Zm9udC1mYW1pbHk6QXJpYWwiPjxjZW50ZXI+77u/PGNlbnRlcj4NCg0KDQo8YSBocmVmPSJodHRw
czovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czEuaHRtbCI+PGltZyBzcmM9Imh0dHBzOi8v
Q05OLU5FV1MuYi1jZG4ubmV0L0QuT1oucG5nIj48L2E+DQo8L2NlbnRlcj4NCjxjZW50ZXI+DQo8
YSBocmVmPSJodHRwczovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czIuaHRtbCI+PGltZyBz
cmM9Imh0dHBzOi8vQ05OLU5FV1MuYi1jZG4ubmV0L291dC1ELk9aLnBuZyI+PC9hPg0KPC9jZW50
ZXI+DQoNCg==

Shaw WebMail does not decode that MIME-encoded text -- starting with "PGR" -- resulting in a "blank" appearance, when viewing the message.

By using: http://www.base64decode.net that block of text decodes to HTML that links to an image, and links to the spammer's web-page.  Thus, the (decoded) "body" of the E-mail does not contain any words, e.g., "widow" & "prince" & "millions" & "African".  So, the Shaw spam-filters have no possibility of detecting such "bad" words.

There seems to be only one spammer, or maybe, several users using the same technique: abusing Amazon's Elastic Cloud Service (ECS) to send their E-mail directly to Shaw's mail-server -- not sending their spam through the ECS' mail-server (where it possibly could be spam-filtered).

Doesn't matter, Shaw should be doing more to block Spam,  It wasn't like this until a couple weeks ago and it wasn't like this before Christmas so your "schedule" idea is wrong.