One Hyphen From Trusted: A Lookalike-Domain Vendor Impersonation That Beat the Eye and the Authentication Stack
ID: 0575863a-91d4-5b19-850f-a7bccff4a36a
STIX ID: report--0575863a-91d4-5b19-850f-a7bccff4a36a
Feed Name: IRONSCALES
An attacker registered near‑identical lookalike domains and used the exact display name of a known supplier contact to send authenticated phishing emails through a sales outreach tool; SPF, DKIM, and DMARC all passed (the lookalike domain's DMARC was p=none), allowing delivery. The body contained a displayed-link vs href mismatch that scanning flagged malicious, and the message was ultimately detected by relationship analysis comparing the sending domain to the supplier's known domain; IOCs include precision-bevelus.com, precisionbevelinc.com, and [email protected].
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
