Real breach investigations, written start to finish.

Each report rebuilds the full attack, from how the intruder got in to everything they did next, backed by a complete timeline and MITRE ATT&CK mapping. Investigated by Forge members in our hands-on SOC Simulator, CTF labs, and real phishing samples that hit our inbox.

A partner-uber[.]com Impersonation Attempt: What the Headers and Auth Chain Revealed

by: Marcie TolbertPublished on: 12/07/2026

A phishing email received at MYDFIR's business inquiry inbox impersonated Uber via a hyphenated look-alike domain, sent from an IP mapped to a domain-parking service with zero email authentication configured.

reports
A partner-uber[.]com Impersonation Attempt: What the Headers and Auth Chain Revealed

Want to write reports like these?

Forge members investigate real attacks live in the SOC Simulator, CTF labs, and real phishing samples that land at MYDFIR, then publish their work here. Every report you read is the analyst's own investigation.