TL;DR An invoice fraud attack delivered a $2,492 payment request as an embedded raster image to prevent text extraction. The sending domain passed SPF, DKIM, and DMARC checks. The email body contained only the text 'ACH payment detail.' The invoice image referenced a different company in the payment subject line. Multiple accounts payable mailboxes were quarantined. No links, no attachments, and no scannable text meant that detection required image-level analysis and behavioral signals.
Severity: High Invoice Fraud Ap Targeting Ocr Evasion MITRE: {'id': 'T1566.001', 'name': 'Phishing: Spearphishing Attachment'} MITRE: {'id': 'T1027', 'name': 'Obfuscated Files or Information'} MITRE: {'id': 'T1656', 'name': 'Impersonation'}
The email arrived in the accounts payable queue of a specialty ingredients manufacturer. The subject line read "ACH payment Sensient," referencing a separate chemical and flavors company with no apparent connection to the sender's domain. The body contained exactly two words: "ACH payment detail."
SPF passed. DKIM passed. DMARC returned a policy of quarantine. The sender was listed as a first-time external contact to the AP mailbox, and the risk score was flagged high. But the authentication checks were clean.
The invoice itself was not text. It was an image.
The Payload: A JPEG That Security Tools Cannot Read
Embedded in the email body was a PNG image, 1,068 by 618 pixels, approximately 63,000 bytes. The image contained a fully formatted invoice: a dollar amount of $2,492.46, a due date, and a reference number. None of that information existed as extractable text anywhere in the email.
This is a deliberate evasion technique. Email security platforms that rely on text extraction to identify payment fraud indicators (amounts, bank routing details, urgency language, company names) can only analyze what the parser can read. A raster image is opaque to text analysis without an OCR pass. In this case, OCR was not available in the processing environment, meaning the invoice content was invisible to automated inspection.
The only scannable content in the entire email was the two-word body text. No links. No attachments in the traditional sense (the image was inline in the body, not a separate attached file). No URLs to evaluate. The attack had zero traditional payload surface for a gateway to evaluate.
Cross-Company Mismatch as a Fraud Signal
The subject line named one company. The sending domain belonged to a different organization. The invoice's reference number cited a transaction not obviously connected to either party. This cross-company mismatch is a signal that does not require reading the image to detect.
In a legitimate AP workflow, an invoice should arrive from the vendor the payment is intended for, or from a clearly identified billing agent. When the sender's domain and the invoice beneficiary are different companies with no established relationship visible in the recipient's prior correspondence, that mismatch warrants verification before processing. Attackers exploit the high-volume, first-scan-then-process workflow of AP departments to slip invoices through on the strength of authentication alone.
A business email compromise variant that specifically targets AP with image-based invoices is particularly effective in large organizations where AP staff may not have direct knowledge of every vendor relationship. A plausible invoice from a recognizable domain, with clean auth and a small dollar amount below the payment authorization threshold for a second review, can move through an AP queue without escalation.
ARC Failure and the Delivery Fingerprint
The email's ARC (Authenticated Received Chain) returned a failure at hop 2 (i=2). ARC records track message authentication state as email passes through relay servers. A failure at hop 2 indicates that something in the delivery chain between the originating server and the recipient's mail environment modified the message after it was originally signed, likely a content inspection gateway or mail relay that added headers, altered the MIME structure, or appended a footer.
This ARC failure provides useful forensic context. It tells investigators that the message was processed by an intermediate system, which may be relevant to understanding the full relay path. It also suggests that the message's authentication state at origin may have been cleaner than what was presented at final delivery. For defenders, an ARC failure is not itself an attack indicator. It is a common artifact of enterprise mail relay architectures. In combination with the other signals in this email, it adds context to the delivery story.
Detection Without Text to Extract
Themis, the IRONSCALES Adaptive AI engine, flagged this message through behavioral signals rather than content analysis. The relevant detection inputs included: a first-time external sender to an AP mailbox, a sender domain flagged as high risk, a two-word body that provides no legitimate business context, an embedded raster image as the only content, and a subject line referencing a payment involving a different company than the sender.
None of those signals require reading the invoice image. They describe a pattern (a first-time sender, a minimal body, an image-as-payload, a cross-company reference) that behavioral analysis can evaluate at the message level. This is the category of detection that authentication-dependent gateways cannot provide.
The multiple quarantined mailboxes indicate that the same or similar message was distributed to several AP contacts within the organization, consistent with a targeted campaign rather than an isolated test send.
See Your Risk: Calculate how many threats your SEG is missing
Defensive Considerations
Organizations with high-volume AP workflows should layer several controls against image-only invoice fraud. Require out-of-band verification for any ACH payment request received by email, regardless of authentication status. Flag all first-time external senders to AP mailboxes for additional human review. Implement OCR-capable scanning on image payloads embedded in business email. Apply cross-reference checks between the sending domain and the payment beneficiary named in any invoice or subject line. And establish dollar-threshold escalation policies that send suspicious invoices to a secondary reviewer even when the amount appears small.
The $2,492 amount in this case is deliberately modest. It falls below thresholds that would trigger automatic escalation in many AP systems, while still representing a successful fraudulent payment if processed. This kind of calibrated request is a hallmark of social engineering designed to pass under the radar of financial controls.
Indicators of Compromise
| Type | Indicator | Context |
|---|
| Sending Domain | keystonenatural[.]com | Specialty ingredients manufacturer; domain not attacker-controlled |
| Image Payload | image002.png | 1068x618 raster image, 63,801 bytes; invoice content not text-extractable |
| Invoice Amount | $2,492.46 | Payment amount visible in image only |
| Invoice Reference | REF NO. 5234084 | Reference number in image; due date 5/23/2026 |
| Subject Cross-Reference | "ACH payment Sensient" | Sender domain and payment beneficiary are different organizations |
| ARC Status | ARC=fail(48) at i=2 | Message transformation at hop 2 in delivery chain |
MITRE ATT&CK Mapping
| Technique | ID | Relevance |
|---|
| Phishing: Spearphishing Attachment | T1566.001 | Invoice delivered as inline image body rather than extractable text |
| Obfuscated Files or Information | T1027 | Raster image encoding of financial data evades text-based inspection |
| Impersonation | T1656 | Sender domain used to impersonate AP relationship with payment reference |
Email Attack of the Day is a daily series from
IRONSCALES spotlighting real phishing attacks caught by Adaptive AI and our community of 35,000+ security professionals. Each post breaks down a real attack. What it looked like, why it worked, and what to do about it.
/case_study_thumb_telit.webp?width=1136&height=639&name=case_study_thumb_telit.webp)
/Leadership%20Headshots/Audian%20Paxson%20Headshot%201000x1000%20032026.webp?width=100&height=100&name=Audian%20Paxson%20Headshot%201000x1000%20032026.webp)
/Misc%20Icons/icon-red-teaming-agent-gradient-simple.svg)
/Misc%20Icons/icon-phishing-soc-agent-gradient-simple.webp?width=158&height=167&name=icon-phishing-soc-agent-gradient-simple.webp)
/Misc%20Icons/icon-phishing-simulation-agent-gradient-simple.svg)
/Misc%20Icons/icon-nav-encryption.svg)
