The email body said the account was on hold. The invoice details that explained why were in a JPEG. Text-based scanning systems found nothing to flag, because there was nothing in text to flag.
A long-established electronics distributor sent an email to a food-industry company's accounts payable function, copying multiple AP team members to create the appearance of a routine invoice-resolution thread. The message used the vendor's own authenticated sending infrastructure: SPF passed, DKIM passed, DMARC passed under a quarantine policy. The relay path ran through Microsoft's outbound protection servers. Nothing in the authentication record distinguished this from a legitimate vendor communication.
The body contained two things: a statement that the recipient's account was on hold pending invoice clearance, and a reference to a backlog of approximately $30,000. Everything else (every invoice number, date, line amount, and reference code) lived inside a JPEG attachment.
JPEG is a binary image format. It contains compressed pixel data, not readable text. Text-based content-inspection tools (including most data loss prevention systems deployed at the email gateway layer) process string content. When a scanner receives image004.jpg and evaluates it, it sees a 34-kilobyte binary file with a clean AV verdict. It does not see invoice 03188910 due in seven days, or invoice 03190644 showing an outstanding balance, or the column headers "A/R Amount," "Remit-to Loc," and "Due Date" that together communicate the full financial pressure.
The recipient's eye does. The JPEG rendered a table with multiple invoice rows, dates, and amounts. An accounts payable analyst looking at that image has everything they need to process payment, and nothing in the email's text field has triggered a single scanner rule.
Image-based phishing is the technique category. The mechanism has been documented in business email compromise campaigns for years precisely because the DLP gap is structural, not a misconfiguration: a text scanner without OCR capability cannot be patched to read JPEG content. MITRE ATT&CK T1566.001 covers spearphishing via attachment; T1656 (impersonation) applies to the sender identity claim; and T1204.002 (user execution: malicious file) captures the social-engineering requirement, since the recipient must open and act on the image for the fraud to succeed.
The message arrived from a named individual at a company that has operated for approximately thirty years. The company is a real organization with a public website and documented operations. WHOIS registration data confirms a California presence active since 1996. The domain passes all three authentication checks.
The named sender, however, could not be publicly verified as an employee of that company through open-source checks. No professional profile matching the name and company pair appeared in the analysis. That absence, combined with the high-risk sender flag and the invoice-fraud pressure pattern, is consistent with business email compromise via a compromised account: an attacker who has authenticated to a legitimate mailbox and is using the vendor's real sending infrastructure to apply payment pressure to known customer contacts.
The CC'd AP team addresses amplified the illusion of legitimacy. A mass-harvested or previously-observed list of accounts payable contacts copied into a thread creates the appearance of an ongoing collection workflow. It also pressures recipients: if multiple colleagues appear to be aware of the outstanding balance, ignoring it feels riskier.
Authentication compliance is load-bearing for many gateway filtering decisions. A message with SPF pass, DKIM pass, and DMARC pass from a recognized vendor domain is unlikely to be routed to quarantine by a rule-based system. That is precisely the operating condition invoice fraud campaigns exploit when they use compromised vendor accounts rather than spoofed or lookalike domains.
The detection surface for this attack is behavioral: a sender whose identity cannot be independently verified at the sending organization; urgency language tied to a specific dollar figure; financial detail delivered entirely in a format that text scanners cannot process; and a recipient list curated for maximum pressure on a payment function. None of those signals require a malicious link or a flagged domain. All of them require a detection layer that models relationship context and message intent rather than checking authentication compliance alone.
When a vendor's account is compromised, the attacker does not just gain access to a mailbox. They gain access to the vendor's contact history, their tone and signature conventions, their authentic sending infrastructure, and the trust their domain has built with the receiving organization's security systems. That trust is the attack surface.
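The gap described above (a text scanner that sees only a clean 34 KB binary) and the behavioral detection surface listed before it can both be shown on a constructed message. The following script is an added example, not the case's own tooling or any vendor product: it builds a sample email with account-hold language, a dollar figure, several CC'd addresses, a passing `Authentication-Results` header and a placeholder JPEG (a JFIF marker plus padding, not a real image), then runs a text-only invoice-number scan against it and, separately, scores the structural signals that remain visible without OCR. All addresses, domains and the header contents are placeholders; the sender-verification signal cannot be checked offline and is left out.

```python
"""Constructed demonstration: why a text-only scanner misses an image-only invoice,
and which structural/behavioural signals a gateway can still evaluate."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Eight-digit invoice numbers (the case's examples are eight digits), account-hold or
# urgency phrasing, and a dollar figure in the body text.
INVOICE_RE = re.compile(r"\b\d{8}\b")
URGENCY_RE = re.compile(r"\b(on hold|past due|final notice|suspend(?:ed)?|immediately)\b", re.I)
MONEY_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")


def build_sample_message() -> bytes:
    """Constructed sample mirroring the pattern: passing auth header, short body with
    account-hold language and a dollar figure, and one image attachment."""
    msg = EmailMessage()
    msg["From"] = "a.contact@vendor.example"  # placeholder sender, not a real domain
    msg["To"] = "ap@customer.example"
    msg["Cc"] = "ap2@customer.example, ap3@customer.example, controller@customer.example"
    msg["Subject"] = "Account on hold - outstanding invoices"
    # Hypothetical receiving-MTA header: all three checks pass, as in the case.
    msg["Authentication-Results"] = (
        "mx.customer.example; spf=pass smtp.mailfrom=vendor.example; "
        "dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example"
    )
    msg.set_content(
        "Your account is on hold as of today until all below invoices are cleared.\n"
        "The outstanding backlog is approximately $30,000. Please see the attached summary.\n"
    )
    # Placeholder JPEG: SOI + JFIF APP0 marker and padding. In the real case the invoice
    # table lived in the pixel data, which is exactly what a string scanner never reads.
    fake_jpeg = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
                 + b"\x00" * 64 + b"\xff\xd9")
    msg.add_attachment(fake_jpeg, maintype="image", subtype="jpeg", filename="image004.jpg")
    return msg.as_bytes()


def text_scan(raw: bytes) -> list:
    """What a text-only DLP rule sees: invoice numbers found in text/* parts only.
    Image parts are skipped, as a string scanner skips binary pixel data."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            hits += INVOICE_RE.findall(part.get_content())
    return hits


def score_message(raw: bytes) -> dict:
    """Structural/behavioural signals that do not depend on reading the image.
    The verdict deliberately ignores authentication results: SPF/DKIM/DMARC pass
    says the vendor's infrastructure sent it, not that the request is genuine."""
    msg = message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    attachments = list(msg.iter_attachments())
    images = [p for p in attachments if p.get_content_maintype() == "image"]
    cc = msg.get("Cc")
    cc_count = len(cc.addresses) if cc else 0
    auth = str(msg.get("Authentication-Results", ""))

    signals = []
    # Financial talk in the body while every attachment is an image: the detail is in pixels.
    if images and len(images) == len(attachments) and MONEY_RE.search(body):
        signals.append("image_only_attachment_with_financial_body")
    if URGENCY_RE.search(body):
        signals.append("account_hold_or_urgency_language")
    if MONEY_RE.search(body):
        signals.append("dollar_figure_in_body")
    if cc_count >= 2:
        signals.append("multiple_cc_recipients")

    return {
        "text_scan_hits": text_scan(raw),
        "auth_all_pass": all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc")),
        "signals": signals,
        "image_attachments": [p.get_filename() for p in images],
        # Route for human or OCR review when several independent signals stack up.
        "verdict": "review" if len(signals) >= 3 else "allow",
    }


if __name__ == "__main__":
    print(score_message(build_sample_message()))
```

For the sample, `text_scan` returns an empty list while `score_message` reports all three authentication checks passing and still returns a `review` verdict on four stacked signals; the point of keeping `auth_all_pass` out of the verdict logic is that a passing vendor domain is the expected condition in a compromised-account case, not a reason to stand down. In production the `review` path is where an OCR stage or an out-of-band callback to the vendor's known contact would sit.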
| Type | Indicator | Context |
|---|---|---|
| Sender domain | Anonymized: long-established California electronics distributor | 30-year-old domain; full SPF/DKIM/DMARC pass; sender identity unverifiable; compromised-legitimate |
| Sender address | Anonymized | Named individual not publicly verifiable at the company; consistent with compromised account |
| Attachment | image004.jpg (JPEG, 34 KB) | Image-only invoice table; no bank routing data visible; all financial figures in binary format, invisible to text DLP |
| Body pressure | "Your account is on hold as of today until all below invoices are cleared" | Account-hold language with ~$30K reference in email body; invoice detail in JPEG only |
| CC recipients | Anonymized: multiple AP team addresses | Curated AP contact list creates appearance of escalation workflow |