No Link, No Compromised Account, No Problem: How a Personal Outlook Address Delivered a Boleto Fraud

Written by Audian Paxson | Apr 19, 2025 11:00:00 AM
TL;DR A personal Outlook account impersonated a supplier and sent a same-day-due boleto PDF to a packaging manufacturer's Brazil operation. Authentication passed cleanly through Microsoft's infrastructure. There were no links to scan, no malicious macros, no forms, and no compromised sender account. The body contained invisible zero-width characters to evade text filters. Every defensive layer that requires a URL or known-bad infrastructure had nothing to work with. The entire attack lived inside a technically clean PDF.
Severity: High
Tags: Invoice Fraud, Business Email Compromise, Social Engineering
MITRE ATT&CK: T1566.001 (Phishing: Spearphishing Attachment), T1036 (Masquerading)

A first-time sender using a personal Outlook address wrote to a packaging manufacturer's Brazil operation in Portuguese. The message claimed to be from a supplier, referenced a nota fiscal, said the previous boleto had been cancelled, and attached a replacement. Payment was due that same day.

There was no link in the message. The two PDF attachments were technically clean: no JavaScript, no AcroForm fields, no embedded URLs, no macros. SPF, DKIM, and DMARC all passed. Microsoft's own anti-spam engine pushed the message to Junk based on content scoring, but the authentication record was clean, and a recipient following standard verification habits would have had nothing obvious to flag.

The attack works because it sidesteps every control that depends on a URL or a known-bad infrastructure signature.

A personal Outlook account as the entire sending apparatus

The message came from a personal outlook.com address with a handle that follows no naming pattern associated with any real supplier. It was the first time that address had ever contacted the recipient organization. The return path confirmed Microsoft infrastructure: delivery traveled through outbound.protection.outlook.com and multiple Microsoft PROD.OUTLOOK.COM hops.

That path is exactly what makes the authentication clean. Microsoft is legitimately authorized to send mail for outlook.com, so all three controls produced green results: SPF passed because the sending IP sits in outlook.com's published SPF record, DKIM passed because Microsoft signed the message with an outlook.com key, and DMARC passed because the From domain, outlook.com, aligns with both. There is no domain-level spoofing here. The attacker simply used free consumer mail infrastructure and let Microsoft sign the message for them.

This is business email compromise in its most stripped-down form: no malware, no exploit, no compromised corporate account. Just a plausible persona and a payment instrument.

How the body was constructed to defeat text filters

The Portuguese-language body contained invisible zero-width characters embedded in key strings. The analysis recovered two specific artifacts: a zero-width non-joiner (U+200C) between "NF" and the invoice number, and a byte-order mark (U+FEFF, the zero-width no-break space) inside the word for "bank." Both render as nothing in a mail client.

The purpose is filter evasion by breaking tokenization. Spam classifiers and content filters operate on the character sequence, not on the rendered glyphs. When a zero-width character sits inside a token, the tokenizer splits that string into two fragments, neither of which matches the rule or the vocabulary the model learned. A human reading the rendered email sees normal Portuguese text. The classifier never sees the string it was trained to flag. The countermeasure is equally simple: strip Unicode format characters (general category Cf) from the body before matching, and treat their presence inside words as a signal in its own right.

This technique maps directly to social engineering tactics that exploit the gap between what a system processes and what a human perceives. The attacker is betting that the two representations diverge, and that the defender is relying on the machine's view.
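The following is an added example, not code from the original post: it reproduces the evasion on a constructed Portuguese body and shows the normalization step that defeats it. The body text and the two filter rules are assumptions; only the placement of the two characters follows the analysis above.

```python
import re
import unicodedata

# Constructed body (not the attacker's text) carrying the two recovered artifacts:
# a ZERO WIDTH NON-JOINER (U+200C) after "NF" and a BYTE ORDER MARK (U+FEFF)
# inside "banco". Both render as nothing.
RAW_BODY = ("Segue o boleto atualizado da NF\u200c 4521; o anterior foi cancelado. "
            "Pagamento via ba\ufeffnco, vencimento hoje.")

# Hypothetical content-filter rules of the kind the body is built to dodge.
RULES = {
    "invoice_ref": re.compile(r"\bNF\s*\d+", re.IGNORECASE),
    "bank_term": re.compile(r"\bbanco\b", re.IGNORECASE),
}

def find_format_chars(text):
    """(offset, code point name) for each Unicode 'Cf' (format) character:
    ZWSP, ZWNJ, ZWJ, BOM, soft hyphen and the bidi controls all fall in Cf."""
    return [(i, unicodedata.name(c, "UNNAMED")) for i, c in enumerate(text)
            if unicodedata.category(c) == "Cf"]

def strip_format_chars(text):
    """Normalization step: drop every Cf character before any rule is applied."""
    return "".join(c for c in text if unicodedata.category(c) != "Cf")

def tokenize(text):
    """Crude word tokenizer: \\w+ runs. Cf characters are not \\w, so they split tokens."""
    return re.findall(r"\w+", text)

def apply_rules(text):
    return {name: bool(rx.search(text)) for name, rx in RULES.items()}

if __name__ == "__main__":
    print("format chars:", find_format_chars(RAW_BODY))
    print("raw tokens:", tokenize(RAW_BODY))
    print("rules on raw body:", apply_rules(RAW_BODY))
    print("rules after normalization:", apply_rules(strip_format_chars(RAW_BODY)))
```

On the raw body both rules miss and the tokenizer yields "ba" and "nco" as separate tokens; after normalization both rules fire. One caveat before turning the presence of Cf characters into a hard block: legitimate mail contains them too (zero-width joiners inside emoji sequences, bidi marks in Hebrew or Arabic text, soft hyphens from some editors), so score them, weighted higher when they sit inside a word, rather than rejecting on sight.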

The PDF payload: technically clean, behaviorally lethal

Both attachments were generated by an automated boleto creation tool. Neither contained any active content. No JavaScript, no form fields, no external references, no links. Standard sandboxing and static analysis return no verdict beyond "clean PDF."

The malice lives entirely in the document's content: a payment instrument naming an unverified third-party beneficiary as the payee, with a due date set for the same day the message arrived. The larger attachment carries all the fields a boleto requires to be processed: beneficiary name, tax identifier, payment amount, and due date.

This is the defining characteristic of invoice fraud at its most technically minimal. There is no payload to detonate. There is no URL to resolve. A scanner that evaluates whether a file is harmful in the traditional sense finds nothing. The harm is the instruction the file carries: pay this specific beneficiary this specific amount today.
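To make the "clean PDF" verdict concrete, here is an added example (not code from the original post or from any scanner named in it) of the static active-content check a mail gateway runs, applied to two constructed PDFs: a text-only boleto lookalike and the same file with an OpenAction carrying JavaScript. The PDFs are structurally minimal and invented; the check also resolves PDF's #xx name escapes, which a naive byte search would miss.

```python
import re

# Constructed, structurally minimal PDFs (not the attacker's files). The first mimics a
# generated boleto: text only. The second adds an OpenAction with JavaScript, writing
# the name as /J#61vaScript, an escape PDF permits and a plain substring search misses.
BOLETO_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj
4 0 obj << /Length 70 >> stream
BT /F1 10 Tf 40 700 Td (Beneficiario: EMPRESA X LTDA  Vencimento: 19/04/2025) Tj ET
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""
ACTIVE_PDF = BOLETO_PDF.replace(
    b"/Pages 2 0 R >>",
    b"/Pages 2 0 R /OpenAction << /S /J#61vaScript /JS (app.alert(1)) >> >>")

# Dictionary keys that mark active or external content in a PDF.
ACTIVE_NAMES = (b"JavaScript", b"JS", b"AcroForm", b"OpenAction", b"AA",
                b"Launch", b"URI", b"SubmitForm", b"EmbeddedFile", b"RichMedia")

def unescape_names(data):
    """Resolve #xx hex escapes in names so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m[1], 16)]), data)

def active_content(data):
    """Return the set of active-content names present in the raw PDF bytes."""
    data = unescape_names(data)
    pattern = rb"/(" + b"|".join(ACTIVE_NAMES) + rb")(?![A-Za-z0-9])"
    return {m[1].decode() for m in re.finditer(pattern, data)}

def static_verdict(data):
    found = active_content(data)
    return ("clean", found) if not found else ("active content", found)

if __name__ == "__main__":
    print(static_verdict(BOLETO_PDF))   # the boleto lookalike: nothing to flag
    print(static_verdict(ACTIVE_PDF))   # the same file with JavaScript wired in
```

The boleto lookalike comes back "clean" while the JavaScript variant is caught, which is exactly the gap the post describes: the check answers "does this file do something" and says nothing about what the text instructs the reader to do. In production PDFs the dictionaries usually sit inside Flate-compressed object streams, so a byte scan like this must inflate streams first or hand off to a real parser; the shape of the check is the point here, not its completeness.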

The Brazilian NF-e system assigns every nota fiscal eletrônica a 44-digit chave de acesso (access key) that links it back to the Receita Federal's records. A legitimate invoice from a legitimate supplier always carries that key. The body of this message contained no chave de acesso, no issuer tax identifier (CNPJ), and no phone number or corporate website. Those absences are the tell.

The detection gap: nothing to detonate

Run through the standard defensive checklist: no malicious URL for a link scanner, no macro for a sandboxer, no domain mismatch for an authentication check, no known-bad IP for a reputation lookup. Every tool that requires a technical artifact to assess found nothing actionable.

What the message did provide was a behavioral profile: a first-time external sender using a personal consumer mailbox, writing in Portuguese to a corporate finance contact, claiming supplier status without any supporting business identity, attaching a payment instrument with a same-day deadline, and embedding invisible characters in the body. That profile is detectable. It does not require a URL.
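The behavioral profile above, together with the chave de acesso check from the PDF section, written as a scoring rule over a constructed sample message. This is added example code, not part of the original post or of any product it mentions; the sample addresses, dates, consumer-domain list, known-sender list and threshold are assumptions. It goes one step beyond the text on the NF-e key: instead of only checking for the key's absence, it validates the 44-digit key's modulo-11 check digit, so a random 44-digit number pasted in to look official is also flagged.

```python
import re
import unicodedata
from datetime import date
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the case in this post; sender, recipient, dates and
# the NF number are invented. The body carries a ZWNJ after "NF" and a BOM inside
# "banco", as the analysis recovered.
SAMPLE = """\
From: Fornecedor Embalagens <joao.embalagens.7731@outlook.com>
To: financeiro@packaging-example.com.br
Date: Sat, 19 Apr 2025 09:12:00 -0300
Subject: Boleto atualizado - NF 4521
Authentication-Results: spf=pass smtp.mailfrom=outlook.com; dkim=pass header.d=outlook.com; dmarc=pass header.from=outlook.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Bom dia. O boleto anterior da NF\u200c 4521 foi cancelado; segue o atualizado.
Vencimento: 19/04/2025. Favor pagar via ba\ufeffnco ainda hoje.

--b1
Content-Type: application/pdf; name="boleto_4521.pdf"
Content-Disposition: attachment; filename="boleto_4521.pdf"

%PDF-1.4 placeholder
--b1--
"""

# Assumed tenant knowledge: consumer mail domains and addresses with prior history.
CONSUMER_DOMAINS = {"outlook.com", "hotmail.com", "live.com", "gmail.com", "yahoo.com"}
KNOWN_SENDERS = {"contas@fornecedor-conhecido.com.br"}

def strip_format_chars(text):
    return "".join(c for c in text if unicodedata.category(c) != "Cf")

def validate_chave(key):
    """NF-e chave de acesso: 44 digits, the last a modulo-11 check digit over the first
    43 with weights 2..9 cycling from the right (remainder 0 or 1 gives digit 0)."""
    if not re.fullmatch(r"\d{44}", key):
        return False
    weights = [2 + ((42 - i) % 8) for i in range(43)]
    total = sum(int(d) * w for d, w in zip(key[:43], weights))
    rem = total % 11
    return int(key[43]) == (0 if rem < 2 else 11 - rem)

def score_message(raw, known_senders=KNOWN_SENDERS, consumer_domains=CONSUMER_DOMAINS):
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    sent_on = parsedate_to_datetime(msg["Date"]).date()
    body, attachments = "", []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body += part.get_payload()          # str; zero-width chars preserved
        elif part.get_filename():
            attachments.append(part.get_filename().lower())
    clean = strip_format_chars(body)
    due = re.search(r"\b(\d{2})/(\d{2})/(\d{4})\b", clean)
    auth = msg.get("Authentication-Results", "")

    signals = {
        "consumer_mailbox": sender.rsplit("@", 1)[-1] in consumer_domains,
        "first_time_sender": sender not in known_senders,
        "boleto_pdf_attached": any(a.endswith(".pdf") and "boleto" in a for a in attachments),
        "same_day_due": bool(due) and date(int(due[3]), int(due[2]), int(due[1])) == sent_on,
        "invisible_chars_in_body": clean != body,
        "no_valid_nfe_key": not any(validate_chave(k) for k in re.findall(r"\b\d{44}\b", clean)),
    }
    # Passing SPF/DKIM/DMARC is recorded but carries no weight: a genuine consumer
    # account is signed by its provider, so a pass neither confirms nor refutes the persona.
    auth_pass = all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc"))
    risk = sum(signals.values())
    verdict = "hold for out-of-band verification" if risk >= 4 else "deliver"
    return signals, auth_pass, risk, verdict

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

On the sample every behavioral signal fires and authentication passes, which is the combination the post describes: the verdict has to come from the profile, because the authentication result is uninformative for consumer mail. The threshold of four is arbitrary; in practice the weights would be tuned against the tenant's own supplier traffic, and a hit should route the message to a finance-team review queue rather than silently to Junk, since the action that stops the loss is the callback, not the filter.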

Indicators of compromise

Type     | Indicator                                       | Context
Email    | janwaygueller58353[@]outlook[.]com              | Attacker-controlled personal Outlook account used as sender
Behavior | First-time sender via personal consumer mailbox | No prior relationship with the recipient organization
Behavior | Same-day boleto due date                        | Payment urgency manufactured to reduce verification time
Behavior | Zero-width Unicode characters in body           | Filter-evasion artifacts in invoice reference and banking term
Behavior | Boleto PDF naming unverified beneficiary        | Payment instrument directing funds to unrelated third party
Behavior | No NF-e chave de acesso in body                 | Missing mandatory Brazilian fiscal traceability identifier
Auth     | SPF pass, DKIM pass, DMARC pass                 | Legitimate Microsoft consumer infrastructure, not a spoofed domain

What actually caught it

Microsoft's EOP content classifier scored the message as spam (CAT:SPM, SCL:5, the Spam Confidence Level at which EOP routes a message to Junk) and delivered it to the Junk folder. That scoring reflected content and behavioral signals rather than authentication, because the authentication was clean. The classifier's verdict was correct, but it rested on probabilistic scoring rather than on any deterministic technical indicator.

The lesson is the detection gap itself. Verizon's 2026 Data Breach Investigations Report places the human element in 62 percent of breaches. FBI IC3 2024 data ranks BEC and payment fraud among the highest-loss categories. CISA's guidance on phishing consistently emphasizes out-of-band verification for any payment request. A boleto that arrives by email from a first-time sender should never be processed without a callback to a known contact at the supplier, using a number already on file, before any payment is initiated.


The attachment was clean. The authentication passed. The only thing that could stop this payment from going through was a phone call.

Email Attack of the Day is a daily series from IRONSCALES spotlighting real phishing attacks caught by Adaptive AI and our community of 35,000+ security professionals. Each post breaks down a real attack. What it looked like, why it worked, and what to do about it.
