Full Authentication Pass, Zero Legitimacy: How a 26-Day-Old Domain Ran ACH Fraud
ID: e2245aa8-67da-5ee7-911c-44200e533342
STIX ID: report--e2245aa8-67da-5ee7-911c-44200e533342
Feed Name: IRONSCALES
Attackers registered the domain miaminternationalyachtsales.com and, after ~25 days, sent an "ACH Payment Completed" PDF via SendGrid that passed SPF/DKIM/DMARC; the PDF contained no malicious links but used social engineering and urgency to target accounts-payable. Microsoft classified the message as high-confidence phishing (CAT:HPHISH) despite clean authentication, and the report provides IOCs (domain, attacker email, Utah phone) and recommends mandatory out-of-band verification for newly-registered financial-themed senders.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
