TL;DR This week's Attack of the Day posts revealed a clear shift from volume to precision. A phishing PDF auto-launched a credential harvest page the instant it opened, no click required. A QR code inside another PDF had the target's email address pre-encoded in base64, so the landing page pre-filled the victim's username the moment they scanned. Attackers hosted their phishing kit assets on a commercial phishing simulation vendor's own S3 bucket. A law firm impersonation arrived through Google Drive's own share-notification infrastructure, passing SPF, DKIM, and DMARC because Google actually sent it. And in the featured attack, a one-letter typosquat sat quietly in the CC field of a live invoice thread while the From address used the real vendor domain and passed every authentication check. Every one of these attacks was built for a specific person at a specific company. Precision is the new threat model.
Severity: High
Phishing
BEC
Quishing
Credential Harvesting
Impersonation
Every week, I pull five of the real phishing attacks we caught in the Threat Intelligence series and ask the same question: what do they have in common? Not the mechanics. The mechanics are always different. The thesis. What were the attackers betting on?
This is the third roundup. A quick note on scope: most editions cover only the prior week's posts, but the five cases below span a wider window (early March through early April). They belong together anyway, because they all illustrate the same shift, and the shift matters more than the calendar.
The thesis is uncomfortable. Every one of these attacks was built for a specific recipient before it left the attacker's infrastructure. A specific person, a specific role, a specific vendor relationship, a specific company. The personalization happened at construction time, not at delivery.
Mass-spray phishing is still out there (and still paying the bills for the least sophisticated actors). The five cases I'm showing you below came from somewhere else. They came from someone who did the reconnaissance first.
5 Attacks. One Shift Worth Flagging.
The most revealing case of the week was also the one with no interaction required. In The PDF That Didn't Need You to Click Anything, a PDF impersonating an Adobe document share arrived with a single OpenAction directive buried in its object structure. Opening the file auto-launched a browser to a credential harvesting page on Render.com. No click. No form field. No embedded JavaScript for static scanners to flag. The attachment verdict came back clean because, at the byte level, it was. The threat lived in a pointer to somewhere else.
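The structural indicator described above is cheap to check: an /OpenAction whose target is a /URI action means the document opens a URL on load. This is an added example, not code from the post or from IRONSCALES; the three PDFs are constructed in-line (the URL is a placeholder), and the parser only handles plain, uncompressed objects.

```python
import re

# Constructed minimal PDFs, not the samples from the post. The first carries an /OpenAction
# whose target is a /URI action: opening the file launches the browser at that URL (placeholder).
# The second is benign; the third uses /OpenAction for a legitimate jump-to-page destination.
OPENACTION_URI_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /URI /URI (https://phish.example/adobe-share) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
BENIGN_PDF = OPENACTION_URI_PDF.replace(b" /OpenAction 4 0 R", b"")
GOTO_PDF = OPENACTION_URI_PDF.replace(b"/OpenAction 4 0 R", b"/OpenAction [3 0 R /Fit]")

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
# /OpenAction followed by either an indirect reference ("4 0 R") or an inline dictionary ("<<").
OPENACTION_RE = re.compile(rb"/OpenAction\s*(?:(\d+)\s+\d+\s+R|(<<))")


def parse_objects(pdf: bytes) -> dict:
    """Map object number -> raw object body. Plain (uncompressed) objects only."""
    return {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(pdf)}


def find_openaction_uri(pdf: bytes):
    """Return the URL the PDF opens on load via /OpenAction -> /URI, or None.

    Limitation: objects packed into compressed object streams (/ObjStm) are not
    expanded here; a production scanner decompresses them before this check.
    """
    objs = parse_objects(pdf)
    for body in objs.values():
        m = OPENACTION_RE.search(body)
        if not m:
            continue  # no /OpenAction, or a destination array such as [3 0 R /Fit]
        # Indirect reference: follow it. Inline dictionary: inspect the rest of this body.
        target = objs.get(int(m.group(1))) if m.group(1) else body[m.start():]
        if target is None or not re.search(rb"/S\s*/URI\b", target):
            continue  # e.g. /S /GoTo, a benign open-to-page action
        u = re.search(rb"/URI\s*\((.*?)\)", target, re.S)
        return u.group(1).decode("latin-1") if u else "<URI action without literal string>"
    return None


if __name__ == "__main__":
    for name, pdf in [("uri", OPENACTION_URI_PDF), ("benign", BENIGN_PDF), ("goto", GOTO_PDF)]:
        print(name, find_openaction_uri(pdf))
```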
Then it got more personal. In The QR Code That Knew Your Email Address Before You Scanned It, a phishing PDF contained a QR code that decoded to a URL with the recipient's email address already encoded as a base64 fragment. Scan it, and the phishing landing page pre-filled your username before you'd typed a character. The email body was empty. The PDF contained no extractable text URLs. The entire attack chain lived inside pixels inside a document, and the pixels already knew who the target was.
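Once a QR payload has been decoded to its URL, the targeting check is to look for base64 fragments that decode to the recipient's address. This is an added example (not the post's or IRONSCALES' code) that starts from the already-extracted URL; the sample URLs, the target address and the phish.example / accounts.example.net hosts are constructed placeholders.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed samples. The first mirrors the post's pattern: the target's address is
# base64-encoded into the URL (padding stripped, as kits commonly do). The second is a
# generic lure URL with no recipient-specific data.
TARGET = "jane.doe@example.com"
QR_URL_TARGETED = "https://phish.example/s/verify#" + (
    base64.urlsafe_b64encode(TARGET.encode()).decode().rstrip("="))
QR_URL_GENERIC = "https://accounts.example.net/mfa/reset?session=8f3a2c91"


def b64_candidates(url: str) -> list:
    """Every token in the URL that could hide a base64 blob: path segments, query values, fragment."""
    parts = urlsplit(url)
    tokens = [seg for seg in parts.path.split("/") if seg]
    tokens += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if parts.fragment:
        tokens.append(parts.fragment)
    return [unquote(t) for t in tokens]


def decode_b64(token: str):
    """Decode standard or URL-safe base64, tolerating stripped padding; None if not base64 text."""
    if len(token) < 8 or not re.fullmatch(r"[A-Za-z0-9+/_-]+=*", token):
        return None
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded.replace("-", "+").replace("_", "/"), validate=True)
        return raw.decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def targeted_recipient(url: str, recipient: str):
    """Return (email found pre-encoded in the URL or None, whether it matches the recipient)."""
    for tok in b64_candidates(url):
        text = decode_b64(tok)
        if not text:
            continue
        m = EMAIL_RE.search(text)
        if m:
            return m.group(0), m.group(0).lower() == recipient.lower()
    return None, False


if __name__ == "__main__":
    print(targeted_recipient(QR_URL_TARGETED, TARGET))
    print(targeted_recipient(QR_URL_GENERIC, TARGET))
```

A match against the actual recipient is the strongest signal; an embedded address for someone else still shows the URL was built per target rather than sprayed.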
In The Phishing Simulation Platform That Powered a Real Attack, attackers skipped the usual detour through sketchy hosting. They served their phishing kit's image assets straight from the S3 bucket of a commercial phishing simulation vendor. A tool sold to security teams to run phishing drills was quietly powering a live credential harvest. The assets were already hosted on infrastructure most security teams consider friendly, which is exactly why the attackers chose it.
And in The Law Firm Email That Passed Every Authentication Check (Because Google Sent It), a phishing notification impersonating a specific, named law firm arrived via Google Drive's own share-notification infrastructure. SPF, DKIM, and DMARC all passed. Google actually sent the message. The Reply-To header, though, pointed to a domain registered one day before delivery with no authentication records of its own. The From field earned every trust signal the inbox gives out. The response path quietly routed to an attacker.
When our Adaptive AI evaluates an incoming message, it doesn't start with "is this authenticated?" or "did the scanner return clean?" It starts with "who is this for, and does the behavior match?" Those questions caught all four of the above. They also caught the one I'm pulling up to the front, because it is the cleanest expression of the pattern.
Featured Attack: The One Letter That Wasn't There
A live invoice thread between a manufacturer and a real vendor. Three messages deep, routine back-and-forth, the kind of conversation that happens a thousand times a day across supply chains. Then a new message dropped into the thread. Same subject line. Same manufacturer brand on the invoice. Same tone. The From address used the real vendor domain. SPF passed. DKIM passed. DMARC passed. Three enterprise gateways cleared it.
Read the full incident breakdown here.
The trick was in the CC field. Four lookalike addresses sitting on a one-letter typosquat of the vendor domain. One letter missing, four times, in a list of recipients nobody ever reads carefully. The attacker was not spoofing the vendor. They were using the real vendor's domain in the From field so authentication would pass cleanly, while quietly populating the reply list with their own lookalike addresses. Reply to the thread, and your message goes to the typosquat. Continue the conversation, and the attacker owns the reply chain.
I have to sit with the specifics of this one for a minute, because it's the cleanest version of the pattern. The attacker didn't need to compromise the vendor. They didn't need to breach the manufacturer. They needed a domain registration (cheap) and a thirty-second audit of a vendor's real invoice thread (available through any phishing kit that scrapes compromised inboxes). Everything else followed. Precision doesn't require sophistication. It requires reconnaissance.
Our Adaptive AI flagged the message on first-time-sender anomalies and AI-detected payment-change language patterns, then quarantined it before anyone in accounts payable hit reply. The three gateways that cleared the message weren't broken. They were doing exactly what they were built to do: confirm that the envelope and the From address aligned, that the signatures were valid, that the sender domain was not on a blocklist. All of that was true. And all of it was irrelevant to the attack.
The six-figure payment diversion attempt that followed never got its reply, because the reply never happened.
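Two of the signals in this roundup, the Reply-To divergence in the law firm case and the one-letter typosquat in the CC field of the invoice thread, can be checked from headers alone. This is an added example, not IRONSCALES' detection logic; the message, the acme-supply.example vendor domain and the manufacturer.example recipient are constructed placeholders, and the single-edit check is a simplified lookalike test.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed message modelled on the featured thread: From on the real vendor domain,
# Reply-To on an unrelated domain, and CC addresses on a one-letter typosquat ("suply").
SAMPLE_MSG = """\
From: "Acme Billing" <ar@acme-supply.example>
To: ap@manufacturer.example
CC: ar@acme-suply.example, billing@acme-suply.example
Reply-To: ar@acme-supply-invoices.example
Subject: RE: Invoice 10442

Please confirm the updated remittance details below.
"""


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long = (a, b) if len(a) < len(b) else (b, a)
    i = 0
    while i < len(short) and short[i] == long[i]:
        i += 1
    return short[i:] == long[i + 1:]  # skip the one extra character in the longer string


def analyze_headers(raw: str, trusted_domains: set) -> list:
    """Return (signal, address) findings. These are signals for scoring, not verdicts:
    ticketing systems legitimately diverge Reply-To, so weigh them with other context."""
    msg = message_from_string(raw)
    findings = []
    from_domains = {domain_of(a) for _, a in getaddresses(msg.get_all("From", []))}
    for _, a in getaddresses(msg.get_all("Reply-To", [])):
        if domain_of(a) not in from_domains:
            findings.append(("reply-to-divergence", a))
    for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("CC", [])):
        if any(within_one_edit(domain_of(a), t) for t in trusted_domains):
            findings.append(("lookalike-recipient", a))
    return findings


if __name__ == "__main__":
    for signal, addr in analyze_headers(SAMPLE_MSG, {"acme-supply.example"}):
        print(f"{signal}: {addr}")
```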
What Defenders Should Take From This Week
The five attacks in this roundup don't share a technique. They share an assumption that the attacker already knows something about you that the scanner doesn't. An employer, a vendor relationship, an email address, an executive identity, or a live invoice thread.
A few concrete takeaways:
- Stop treating "clean attachment scan" as a clean verdict. A PDF with an OpenAction directive and no embedded code is, by static analysis, clean. It is also a zero-click credential harvester. Your detection has to look at behavior, not just bytes.
- Read the CC field. Typosquat and lookalike addresses hide in CC precisely because nobody looks there. Any thread with financial or vendor payment implications deserves a recipient-list audit before a reply goes out.
- Assume QR codes are targeted. Quishing has moved past generic MFA reset lures. If a QR code decodes to a URL with the recipient's email pre-encoded, that is not a spray campaign. Build detection that extracts and evaluates QR payloads, including base64 fragments.
- Behavioral signals beat authentication signals. Four of this week's five attacks passed full email authentication. The ones that got caught were caught because our Adaptive AI was asking a different set of questions. Display-name mismatches, Reply-To divergence, first-time sender anomalies, and cross-tenant community intelligence flagged what SPF, DKIM, and DMARC never could.
- If your vendor is whitelisted, so is everyone abusing their infrastructure. Phishing simulation platforms, marketing ESPs, and URL scanning services are common hops in modern attack chains. Trusting a domain because a security team bought a product at that domain is, at best, outdated.
See You Next Week
Attack of the Day publishes daily in the Threat Intelligence section. Next week: more attacks, more patterns, and probably another one that already knew the target before the send.
Email Attack of the Day is a daily series from IRONSCALES spotlighting real phishing attacks caught by Adaptive AI and our community of 30,000+ security professionals. Each post breaks down one attack — what it looked like, why it worked, and what you can do about it.
The post Best of the Worst: Five Attacks That Already Knew Your Name appeared first on Security Boulevard.
Audian Paxson
Source: Security Boulevard
Source Link: https://securityboulevard.com/2026/04/best-of-the-worst-five-attacks-that-already-knew-your-name/