The best way to review and address findings in the Web Module will vary by organization. Here’s a good practice to start with.
Step 1: Check Takedown Malicious
Start by looking at the list of sites presented under the “Takedown Malicious” Bolster action.
These are the sites automatically detected by Bolster’s engine and are often clear-cut phishing sites. If automated takedowns are enabled on your account, there is no further action required on your end. However, if you have elected to manually review each site found, you will need to click on the URL and hit the “Request Takedown” option found on the Insights page.
Step 2: Use the Logos Detected Filter
From the main Web dashboard, use the “logos detected” filter to see if there are any Pre-Malicious sites that might be infringing on any of your trademarks.
If trademark abuse is a use case included in your Bolster license, you can make a request for takedown if there’s unauthorized use of you marks. Trademark and/or copyright abuse cases do typically tend to take a lot more time compared to the takedowns of phishing sites.
Step 3: Use the MX Records Filter
From the main Web dashboard, use the “MX Records” filter to find any parked sites that have an associated Mail Exchange record associated with it. Be sure to turn off the Logo Detected filter, first.
If any of these domains are high risk, consider working with your IT team to block emails coming from these domains to help prevent any business email compromise (BEC) type of scams from occurring. Furthermore, if you have any recurring communications that go out to your partners or key clients, it might also be good for you to inform them of these domains as well.
Step 4: Use the Google/Bing Searches Filter
From the main Web dashboard, use the “Google/Bing Searches” filter. Be sure to turn off the other filters first.
There are scenarios where threat actors may use SEO strategies to support their fraudulent sites or scams using your brand’s keywords. Bolster does detect these sites by running actual Google and Bing searches. Using the filter for Google/Bing searches will help you understand if there are any suspicious sites that were initially found by running these searches.
Step 5: Check the Pre-Malicious Sites
Navigate to the full list of “Pre-Malicious” sites being monitored by Bolster and sort by “First Seen” date in descending order. This will have the newest sites appear at the top of the list.
You can then use the “Category” field to further narrow down the results to those that might be of interest to your team. The category selected may depend on your use case, your team’s responsibilities, and/or even your business vertical. Some popular categories used in filters include: Sensitive Data, BEC, Domain Parking, and Cryptocurrency.