In July 2018, US-CERT raised an alert regarding the Emotet banking trojan, which is also being used to distribute a secondary malware known as Trickbot This alert provided recommendations on how businesses can mitigate their exposure to the Trojan. Unfortunately, criminals have adopted new techniques to bypass these recommendations. Domain hijacking is an attack with the intention to control an existing domain name, redirecting traffic once destined for a legitimate server to a new malicious destination. This attack fools both human and technology elements that may have once whitelisted the domain.
Source: https://www.bleepingcomputer.com/news/security/malware-distributors-adopt-dkim-to-bypass-mail-filters/