There is a possibility that some URLs may not be detected by the Axur platform, such as:
Content not indexed on the web
Content is not identifiable through API
Targeted attacks
In these cases, users can manually add tickets for monitoring or action.
Attention! Before proceeding with the steps below, make sure there is no ticket already created on the Axur platform. For more information, please refer to the Manual Ticket Search article.
To do this, you need to access the corresponding area for the type of ticket you want to create. It is essential to create tickets in the appropriate workspace, with the correct asset and corresponding ticket type, to ensure proper evidence collection and accurate notifications.
Examples:
Page offering a fake mobile app download ⇾ Fake mobile app (Digital Frauds)
Social media page impersonating your brand ⇾ Fake social media profile (Digital Frauds)
Page collecting credentials and passwords ⇾ Phishing (Digital Frauds)
Attention: When creating a Phishing ticket, the platform automatically checks whether the hostname already has open tickets. If it does, a warning appears before creation, informing you of a possible duplicate hostname and allowing you to choose whether to proceed or cancel. This verification helps prevent duplicates and reinforces that handling and takedown occur at the hostname level, covering all related URLs.
Page using your brand without collecting data ⇾ Fraudulent use of brand (Digital Frauds)
Page exposing sensitive content ⇾ Other sensitive data (Data Leakage)
Page with illegal advertisement for fake products ⇾ Counterfeit product or irregular sale (Online Piracy)
Once you have accessed the area, click on “Add Ticket” in the upper right corner of the page:
Next, a pop-up will appear on your screen; there you must fill in the asset to which the threat refers, the ticket type, as exemplified in the listing above, and the URL that contains the threat. Fill in these fields, and the ticket will be created.
When selecting the desired ticket type, the platform will give the user the option to create tickets for incidents or send the case to Quarantine when a potential threat is identified but doesn't yet constitute fraud. In this case, the ticket will be placed in the Quarantine tab of the workspace for monitoring. These URLs are closely monitored for a period of time. If there is any activity that progresses into an attempted fraud, the user can proceed with a Takedown request.
However, if the ticket is already created as an Incident, the Takedown can still be requested (either immediately or later).
Batch ticket addition
Within the same pop-up, the user can choose to create multiple tickets. Simply click on “Create more than one ticket…” and the pop-up will be reconfigured so that in the URL input field, it's possible to add multiple links that will generate different tickets, as shown in the image below:
Remember: batches of created tickets should address the same type of threat! In case of multiple URLs related to different types of threats, the tickets should be created separately in the correct workspace and according to the threat classification.
After creating the ticket, the user can add more details and request actions and treatment. To learn more about this, access the article Actions and Details within a ticket.
Fraudulent Emails
When creating a ticket, the ticket URL field should only contain the domain responsible for the fraud, and the ticket type should be Similar Domain Name.
Example: It was identified that the email “[email protected]” is sending fake invoices for a customer. In the ticket, only the domain, in this case, frauds.com, should be entered as the URL.
The email header must be attached to the ticket.
It must be attached to the ticket in .eml, .txt, or .pdf format and allow us to copy the text for proper notification completion.
For information on obtaining a header, refer to the article Complete Email Header.
If possible, it is also helpful to attach evidence from the body of the received text.
Cases of gmail.com or outlook.com emails
As these are reputable domains, it is not possible to create tickets with gmail.com or outlook.com in this offer. Therefore, the ticket creation should be for Fraudulent Brand Use, following this pattern in the URL:
https://[email protected]
https://[email protected]
As it is a fraudulent email, the attachment of the message header is also mandatory in this creation.
For more information, access the article on Fraudulent Emails.
If you have any questions, feel free to reach out at [email protected] 😊