logo

The Government Card Alert That Lost Its Authentication in Transit

ID: 6348343d-96d0-578f-949a-0e5ca23cd36d

STIX ID: report--6348343d-96d0-578f-949a-0e5ca23cd36d

Feed Name: IRONSCALES

Threat Score
50/100

Date Published: 2026-06-19

Date Updated: 2026-06-19

Author: [email protected] (Audian Paxson)

...
...

A targeted phishing/vishing message impersonating the Direct Express government card program was delivered via SendGrid/Conduent and relayed through a Cisco IronPort gateway; authentication passed upstream but failed at the recipient (SPF/DKIM/DMARC), the gateway flagged it as 'Phish' yet an allow-list caused SCL=-1 and the message landed in the inbox. The email contained a phone number and reference to the legitimate site (vishing lure), included a SendGrid tracking pixel confirming mailbox activity, and the report lists relevant IOCs and MITRE ATT&CK mappings.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.