Approve: Biscuits and Bath request
This message is suspicious due to strong sender-authentication failures (SPF fail, DMARC fail, no DKIM), an approval/request lure, and reliance on an attached spreadsheet while claiming to be from Biscuits & Bath. Deep analysis of the XLSX did not reveal extracted URLs, QR codes, or obvious malware indicators, but the attachment contains embedded image/drawing content and could not be fully content-expanded by automation. The visible links in the email appear to be benign social/media or Mimecast-wrapped brand links, so the primary risk is the impersonated sender plus attachment-based social engineering rather than a clearly malicious URL.
URL Signals
6 analyzed
https://url.de.m.mimecastprotect.com/s/8GPICDqGZlCj8rBZ8...?domain=biscuitsandbath.com/
https://url.de.m.mimecastprotect.com/s/bDlvCEqJXmC1ZoWjZCpi0S7T1ea?domain=facebook.com
https://url.de.m.mimecastprotect.com/s/s8RMCGRLXoFWzZJ9zfQsYSBSyl-?domain=twitter.com
https://url.de.m.mimecastprotect.com/s/XOMjCJ8OKrTpjL8ojHvtxSyYnC2?domain=instagram.com/
http://www.facebook.com/biscuitsandbath
https://twitter.com/BiscuitsandBath
Documents
1 processed
0 URLs · 0 QR · 1 risk flags · 1 artifacts
Authentication
Envelope
Fernando Brea <fbrea@biscuitsandbath.com>
n/a
1