A Phishing Link Wearing Two Security Vendors' Badges: Inside a Benefits-Enrollment Credential Lure
ID: e0b5d03a-7749-5f96-b18a-6ede63678c49
STIX ID: report--e0b5d03a-7749-5f96-b18a-6ede63678c49
Feed Name: IRONSCALES
Threat Score
A sophisticated phishing email impersonating Regions Bank used dual trusted link-rewriting services (Egress Defend and Barracuda) to launder a credential‑harvesting link (encoded target aemf.org) while authenticating through Amazon SES (hatmi.sa) and passing SPF/DKIM/DMARC; behavioral and contextual detection, not reputation checks, identified the malicious intent and quarantined affected mailboxes.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
