The Security Tool That Delivered the $48,500 Invoice Fraud
ID: 3de14787-f945-59e4-b26f-20e2c15785e8
STIX ID: report--3de14787-f945-59e4-b26f-20e2c15785e8
Feed Name: IRONSCALES
A $48,500 payment-diversion BEC attack targeted a mid-size financial institution using a fabricated multi-turn email thread and a programmatically generated PDF invoice. The message transited a Votiro CDR relay that sanitized attachments but broke SPF/DKIM/DMARC alignment, so DMARC failed, yet the message was still delivered because of trusted relay behavior. The report includes IOCs (sender email and domain, relay IP/hostname, attachment hashes, bank routing/account details), maps to relevant MITRE techniques, and provides mailbox and CDR policy recommendations to prevent similar attacks.
