The Subdomain That Fused Two Trusted Brands Into One Convincing Lie

Attackers provisioned a subdomain under Zix's secureemailportal.com (fidelityusa.secureemailportal.com) to send authenticated-looking spearphishing messages to a community bank's business banking inbox, leveraging Zix's DKIM/SPF/DMARC reputation while directing replies to an attacker-controlled domain (fidelity-usa.com); behavioral detection of sender/Reply-To divergence flagged and quarantined the messages before credential harvesting succeeded.