The email arrived in the accounts payable queue of a specialty ingredients manufacturer. The subject line read "ACH payment Sensient," referencing a separate chemical and flavors company with no apparent connection to the sender's domain. The body contained exactly two words: "ACH payment detail."
SPF passed. DKIM passed. DMARC returned a policy of quarantine. The sender was listed as a first-time external contact to the AP mailbox, and the risk score was flagged high. But the authentication checks were clean.
The invoice itself was not text. It was an image.
Embedded in the email body was a PNG image, 1,068 by 618 pixels, approximately 63,000 bytes. The image contained a fully formatted invoice: a dollar amount of $2,492.46, a due date, and a reference number. None of that information existed as extractable text anywhere in the email.
This is a deliberate evasion technique. Email security platforms that rely on text extraction to identify payment fraud indicators (amounts, bank routing details, urgency language, company names) can only analyze what the parser can read. A raster image is opaque to text analysis without an OCR pass. In this case, OCR was not available in the processing environment, meaning the invoice content was invisible to automated inspection.
The only scannable content in the entire email was the two-word body text. No links. No attachments in the traditional sense (the image was inline in the body, not a separate attached file). No URLs to evaluate. The attack had zero traditional payload surface for a gateway to evaluate.
The subject line named one company. The sending domain belonged to a different organization. The invoice's reference number cited a transaction not obviously connected to either party. This cross-company mismatch is a signal that does not require reading the image to detect.
In a legitimate AP workflow, an invoice should arrive from the vendor the payment is intended for, or from a clearly identified billing agent. When the sender's domain and the invoice beneficiary are different companies with no established relationship visible in the recipient's prior correspondence, that mismatch warrants verification before processing. Attackers exploit the high-volume, first-scan-then-process workflow of AP departments to slip invoices through on the strength of authentication alone.
A business email compromise variant that specifically targets AP with image-based invoices is particularly effective in large organizations where AP staff may not have direct knowledge of every vendor relationship. A plausible invoice from a recognizable domain, with clean auth and a small dollar amount below the payment authorization threshold for a second review, can move through an AP queue without escalation.
The email's ARC (Authenticated Received Chain) returned a failure at hop 2 (i=2). ARC records track message authentication state as email passes through relay servers. A failure at hop 2 indicates that something in the delivery chain between the originating server and the recipient's mail environment modified the message after it was originally signed, likely a content inspection gateway or mail relay that added headers, altered the MIME structure, or appended a footer.
This ARC failure provides useful forensic context. It tells investigators that the message was processed by an intermediate system, which may be relevant to understanding the full relay path. It also suggests that the message's authentication state at origin may have been cleaner than what was presented at final delivery. For defenders, an ARC failure is not itself an attack indicator. It is a common artifact of enterprise mail relay architectures. In combination with the other signals in this email, it adds context to the delivery story.
Themis, the IRONSCALES Adaptive AI engine, flagged this message through behavioral signals rather than content analysis. The relevant detection inputs included: a first-time external sender to an AP mailbox, a sender domain flagged as high risk, a two-word body that provides no legitimate business context, an embedded raster image as the only content, and a subject line referencing a payment involving a different company than the sender.
None of those signals require reading the invoice image. They describe a pattern (a first-time sender, a minimal body, an image-as-payload, a cross-company reference) that behavioral analysis can evaluate at the message level. This is the category of detection that authentication-dependent gateways cannot provide.
The multiple quarantined mailboxes indicate that the same or similar message was distributed to several AP contacts within the organization, consistent with a targeted campaign rather than an isolated test send.
See Your Risk: Calculate how many threats your SEG is missing
Organizations with high-volume AP workflows should layer several controls against image-only invoice fraud. Require out-of-band verification for any ACH payment request received by email, regardless of authentication status. Flag all first-time external senders to AP mailboxes for additional human review. Implement OCR-capable scanning on image payloads embedded in business email. Apply cross-reference checks between the sending domain and the payment beneficiary named in any invoice or subject line. And establish dollar-threshold escalation policies that send suspicious invoices to a secondary reviewer even when the amount appears small.
The $2,492 amount in this case is deliberately modest. It falls below thresholds that would trigger automatic escalation in many AP systems, while still representing a successful fraudulent payment if processed. This kind of calibrated request is a hallmark of social engineering designed to pass under the radar of financial controls.
| Type | Indicator | Context |
|---|---|---|
| Sending Domain | keystonenatural[.]com | Specialty ingredients manufacturer; domain not attacker-controlled |
| Image Payload | image002.png | 1068x618 raster image, 63,801 bytes; invoice content not text-extractable |
| Invoice Amount | $2,492.46 | Payment amount visible in image only |
| Invoice Reference | REF NO. 5234084 | Reference number in image; due date 5/23/2026 |
| Subject Cross-Reference | "ACH payment Sensient" | Sender domain and payment beneficiary are different organizations |
| ARC Status | ARC=fail(48) at i=2 | Message transformation at hop 2 in delivery chain |
| Technique | ID | Relevance |
|---|---|---|
| Phishing: Spearphishing Attachment | T1566.001 | Invoice delivered as inline image body rather than extractable text |
| Obfuscated Files or Information | T1027 | Raster image encoding of financial data evades text-based inspection |
| Impersonation | T1656 | Sender domain used to impersonate AP relationship with payment reference |
| Attack | What happened |
|---|---|
| Past-Due Invoice Email With an Unscannable XLSX That Cisco AMP Could Not Verdict | A past-due invoice demand for over $230,000 arrived with full SPF, DKIM, DMARC, and ARC authentication. |
| A Fake Geek Squad Invoice Built by wkhtmltopdf With a mailto as the Only Way Out | A Hotmail account delivered a fake Geek Squad invoice as a PDF generated by wkhtmltopdf 0.12.6, a tool that converts HTML templates to PDF at scale. |
| The Reply-To Was One Letter Off: How a Typosquat Domain Turned a Gmail BEC Into a Payment Diversion | A Gmail-authenticated BEC used a typosquat Reply-To domain and a hidden HTML mailto mismatch to impersonate a steel distributor's credit manager. |
| The PayPal Invoice That Passed Every Check Because PayPal Actually Sent It | A canceled PayPal invoice for $50 arrived with perfect SPF, DKIM, and DMARC authentication because PayPal's own infrastructure sent it. |
| The Invoice PDF Whose Filename Broke the Sandbox | An invoice PDF was named with an embedded carriage return and line feed sequence (CR/LF) that caused the sandbox to fail with a file-not-found error. |