Abuse Mailbox

Abuse Mailbox Dashboard

The Abuse Mailbox Dashboard offers a real-time view of phishing and scam detection, reported threats, and takedown progress through analytics and visualizations.

This makes it easier to identify trends for further investigation. For example, you may spot an increase in phishing attempts targeting your brand. That could prompt you to go deeper into the findings, analyze specific threat indicators via the Targeted Malicious screen, and take proactive action.

Date Range

Select a date range in the upper right corner of the Dashboard. The data reflects emails received during that period. Threats may appear regardless of their First Seen date if they were found in an email within the selected range.

Reported Emails Overview

This part of the dashboard provides a high-level overview of the emails Bolster has analyzed.

Overall Email Submission

This section summarizes email reporting activity during the chosen date range, helping you spot trends in potential threats and take mitigation steps:

Count of all emails reported
Count of users who have made reports
Daily trends graph (hover over points for daily counts)

Overall Email Submission Breakdown

This section uses automated analysis to cut through the noise in customer-reported emails. By seeing which emails were targeting your brand and which were not, you can find the threats that matter without extensive manual triage.

The categories are:

Targeted Malicious – Confirmed harmful and targeting your brand specifically, often using your branding to appear legitimate. For example, an email supposedly from your support team, asking users to make payments on a fake website.
Generic Malicious – Harmful, but generic or referring to brands other than yours. Phishing, spam, or other malicious threats not specifically related to your brand.
Official Emails – Confirmed to be safe and legitimate communications from your brand’s official domain, containing verified branding. For example, a real renewal confirmation email sent from your official customer service address.
Other – Not confirmed to be either official or malicious. Might have brand-like elements but don’t fit the above categories. For example, an email requesting a political donation.

Targeted Malicious Emails Analytics

This part of the dashboard shows the volume of malicious emails by type, the tactics bad actors are using to scam your customers, and how the threats have been mitigated. Drill down from here for deeper insights. This section is your gateway to threat intelligence and action.

Malicious Report Distribution Across Email and SMS

Compare report counts for each threat type:

Phishing Links – Deceptive URLs designed to steal sensitive info by mimicking legitimate sites. For example, a fake bank email asking users to log in via a fraudulent link.
Scam Links – Links leading to fraudulent sites that trick users into payments, fake downloads, or personal data theft. For example, a site claiming the user won a prize and asking for credit card details.
Malicious Sender Domains – Sender domains used for phishing, scams, or malware, often mimicking real domains (typosquatting). For example, amozon.com instead of amazon.com.
Malicious Intent – Deceptive emails designed to manipulate or scam, even without obvious phishing links or malware.
Malware Attachments – Harmful files (PDF, ZIP, DOCX, EXE) designed to steal data or disrupt systems. For example, an invoice attachment that installs spyware.
Malicious Phone Numbers – Scam-related phone numbers used for fraud, phishing, or impersonation. For example, a fake support number urging users to call to “cancel a charge.”

Bolster analyzes SMS messages reported in email form, including screenshots.

For more, see Managing Reported Emails.

Breakdown of Where Malicious Links and Phone Numbers Were Found in Emails

See what part of the email malicious content was extracted from:

Email Body – URL or phone number in the email text. For example, a phishing email with a fake “reset password” link.
Email Attachment – URL or phone number in an attached file, such as a fake invoice PDF.
Email Image – URL hidden in an image to bypass text-based security. For example, a promo image that links to a phishing site.
Email QR Code – URL embedded in a QR code, requiring a scan to access.

Select Phish & Scam to see how many of the total extracted links were found in each location.

Select Malicious Phone Number to see how many of the total extracted phone numbers were found in each location.

Takedown Time Analytics

Compare average, median, and total takedown times for Phish and Scam links to see how quickly Bolster neutralizes threats and protects your brand.

View the domains with the highest report counts, categorized by Threat Actor Domains and User Domains. Identifying these domains helps you uncover attack patterns, block threats, and take action.

Threat Actor Domains are the domains used by attackers to send malicious emails. These domains are further annotated with icons indicating if Bolster has found them to be malicious, suspicious, or clean. Hover over an icon to see the label.

User Domains are the domains of customers who have reported emails to your organization’s abuse mailbox.

Top 5 Most Reported Malicious Threats

Identify the most recurring threats across multiple emails to prioritize remediation for maximum impact. View threat origin and status, and see them grouped by category (Phish, Scam, Sender Domain, and Phone Number).