The Invoice Portal Link That Didn't Need a Password
ID: 192b9bc5-e27f-53ab-bf66-80b216cb72e4
STIX ID: report--192b9bc5-e27f-53ab-bf66-80b216cb72e4
Feed Name: IRONSCALES
Threat Score
An invoice phishing campaign spoofing Ecocert delivered Mailgun-authenticated emails containing a tokenized JWT link to a real billing portal (app.upflow.io) that allowed anyone with the URL to view invoices without logging in; the message included a PDF with an IBAN for a 380 EUR payment and a 1x1 tracking pixel confirming mailbox activity — four mailboxes were quarantined and the attack was flagged by Themis.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
