logo

A Phishing Link Wearing Two Security Vendors' Badges: Inside a Benefits-Enrollment Credential Lure

ID: e0b5d03a-7749-5f96-b18a-6ede63678c49

STIX ID: report--e0b5d03a-7749-5f96-b18a-6ede63678c49

Feed Name: IRONSCALES

Threat Score
70/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

Author: [email protected] (Audian Paxson)

...
...

A sophisticated phishing email impersonating Regions Bank used dual trusted link-rewriting services (Egress Defend and Barracuda) to launder a credential‑harvesting link (encoded target aemf.org) while authenticating through Amazon SES (hatmi.sa) and passing SPF/DKIM/DMARC; behavioral and contextual detection, not reputation checks, identified the malicious intent and quarantined affected mailboxes.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.