<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Phishing &amp; Digital Risk on Hello w3nch</title><link>https://w3nch.github.io/categories/phishing--digital-risk/</link><description>Recent content in Phishing &amp; Digital Risk on Hello w3nch</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 05 Feb 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://w3nch.github.io/categories/phishing--digital-risk/index.xml" rel="self" type="application/rss+xml"/><item><title>SOC326 Case Study: Impersonating Domain MX Record Change Leading to Active Phishing Campaign</title><link>https://w3nch.github.io/writeups/letsdefend/alerts/soc326---impersonating-domain-mx-record-change-detected/</link><pubDate>Thu, 05 Feb 2026 00:00:00 +0000</pubDate><guid>https://w3nch.github.io/writeups/letsdefend/alerts/soc326---impersonating-domain-mx-record-change-detected/</guid><description>Event ID: 304
Rule Name: SOC326 – Impersonating Domain MX Record Change Detected
Severity: HIGH
Category: Brand Protection / Phishing
Event Time: September 17, 2024 – 12:05 PM
Impacted Asset: LETSDEFEND
Background: Sometimes attackers don’t kick the door down — they quietly make a copy of your house key first.
In this case, the threat actor registered a look-alike domain and configured email infrastructure before launching a phishing campaign. What initially appeared to be an early warning quickly escalated into active exploitation, resulting in a user clicking a malicious link and communicating with attacker-controlled infrastructure.</description></item></channel></rss>