logo

Full Authentication Pass, Zero Legitimacy: How a 26-Day-Old Domain Ran ACH Fraud

ID: e2245aa8-67da-5ee7-911c-44200e533342

STIX ID: report--e2245aa8-67da-5ee7-911c-44200e533342

Feed Name: IRONSCALES

Threat Score
70/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: [email protected] (Audian Paxson)

...
...

Attackers registered the domain miaminternationalyachtsales.com and, after ~25 days, sent an "ACH Payment Completed" PDF via SendGrid that passed SPF/DKIM/DMARC; the PDF contained no malicious links but used social engineering and urgency to target accounts-payable. Microsoft classified the message as high-confidence phishing (CAT:HPHISH) despite clean authentication, and the report provides IOCs (domain, attacker email, Utah phone) and recommends mandatory out-of-band verification for newly-registered financial-themed senders.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.