logo

The FedEx Freight Invoice That Came From Inside the CRM

ID: 17974cc0-4810-530e-ac50-1e4097ce0811

STIX ID: report--17974cc0-4810-530e-ac50-1e4097ce0811

Feed Name: IRONSCALES

Threat Score
70/100

Date Published: 2026-06-12

Date Updated: 2026-06-21

Author: [email protected] (Audian Paxson)

...
...

An invoice-rebill spearphishing attack targeted a logistics firm by sending a legitimate-looking email from FedEx Freight's Salesforce CRM (authenticated via DKIM/DMARC) requesting a bill-to change on invoice #0584162950; the message, relayed through a Securence gateway (causing an SPF softfail), contained no links or attachments and was detected by Themis at 83% confidence, quarantining four mailboxes.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.