The SOC Alert That Came From a Compromised FinTech: An Authenticated BlueVine Sender Delivering a Typosquat Link Buried in Operational Context
ID: 3d11498c-3b58-589a-9359-e193aabb1110
STIX ID: report--3d11498c-3b58-589a-9359-e193aabb1110
Feed Name: IRONSCALES
A phishing campaign abused an authenticated BlueVine mailbox to send a believable SOC quarantine notification that embedded a typosquat credential-harvesting link (http://gmial.com). The message passed SPF, DKIM and DMARC, and was quarantined after IRONSCALES flagged the domain for its high risk score and failed DNS resolution.
