Web

Best Practices: Reviewing Web Findings

The best way to review and address findings in the Web Module will vary by organization. Here’s a good practice to start with.

Step 1: Check Takedown Malicious

Start by looking at the list of sites presented under the “Takedown Malicious” Bolster action.

These are the sites automatically detected by Bolster’s engine and are often clear-cut phishing sites. If automated takedowns are enabled on your account, there is no further action required on your end. However, if you have elected to manually review each site found, you will need to click on the URL and hit the “Request Takedown” option found on the Insights page.

Step 2: Use the Logos Detected Filter

From the main Web dashboard, use the “logos detected” filter to see if there are any Pre-Malicious sites that might be infringing on any of your trademarks.

If trademark abuse is a use case included in your Bolster license, you can request a takedown if there’s unauthorized use of your marks. Trademark and/or copyright abuse cases typically take a lot more time than takedowns of phishing sites.

Step 3: Use the MX Records Filter

From the main Web dashboard, use the “MX Records” filter to find any parked sites that have an associated Mail Exchange (MX) record. Be sure to turn off the Logo Detected filter first.

If any of these domains are high risk, consider working with your IT team to block emails coming from them to help prevent business email compromise (BEC) scams. Furthermore, if you send recurring communications to your partners or key clients, it might be good to inform them of these domains as well.

Step 4: Use the Google/Bing Searches Filter

From the main Web dashboard, use the “Google/Bing Searches” filter. Be sure to turn off the other filters first.

Threat actors may use SEO strategies to promote their fraudulent sites or scams using your brand’s keywords. Bolster detects these sites by running actual Google and Bing searches. The Google/Bing Searches filter shows you any suspicious sites that were initially found through these searches.

Step 5: Check the Pre-Malicious Sites

Navigate to the full list of “Pre-Malicious” sites being monitored by Bolster and sort by “First Seen” date in descending order. This will have the newest sites appear at the top of the list.

You can then use the “Category” field to narrow the results to those that might be of interest to your team. The category selected may depend on your use case, your team’s responsibilities, and/or your business vertical. Some popular categories used in filters include: Sensitive Data, BEC, Domain Parking, and Cryptocurrency.