Perfect Authentication, Zero Payload: The Yahoo Free-Mail BEC That Microsoft Flagged but Didn't Block

**Executive summary:** A threat actor sent a zero-payload phishing email from [email protected] using a display name that matched a known internal contact to elicit account-change details; SPF/DKIM/DMARC passed (compauth=100), Microsoft generated an impersonation safety tip (SFTY:9.25) but delivered the message, and Themis flagged it at 68% confidence—one mailbox was quarantined and the report confirmed phishing.