The FedEx Freight Invoice That Came From Inside the CRM
ID: 17974cc0-4810-530e-ac50-1e4097ce0811
STIX ID: report--17974cc0-4810-530e-ac50-1e4097ce0811
Feed Name: IRONSCALES
Threat Score
An invoice-rebill spearphishing attack targeted a logistics firm by sending a legitimate-looking email from FedEx Freight's Salesforce CRM (authenticated via DKIM/DMARC) requesting a bill-to change on invoice #0584162950; the message, relayed through a Securence gateway (causing an SPF softfail), contained no links or attachments and was detected by Themis at 83% confidence, quarantining four mailboxes.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
