logo

One Hyphen From Trusted: A Lookalike-Domain Vendor Impersonation That Beat the Eye and the Authentication Stack

ID: 0575863a-91d4-5b19-850f-a7bccff4a36a

STIX ID: report--0575863a-91d4-5b19-850f-a7bccff4a36a

Feed Name: IRONSCALES

Threat Score
70/100

Date Published: 2026-07-02

Date Updated: 2026-07-02

Author: [email protected] (Audian Paxson)

...
...

An attacker registered near‑identical lookalike domains and used the exact display name of a known supplier contact to send authenticated phishing emails through a sales outreach tool; SPF, DKIM, and DMARC all passed (the lookalike domain's DMARC was p=none), allowing delivery. The body contained a displayed-link vs href mismatch that scanning flagged malicious, and the message was ultimately detected by relationship analysis comparing the sending domain to the supplier's known domain; IOCs include precision-bevelus.com, precisionbevelinc.com, and [email protected].

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.