Managing Threats

Once Spoofchief identifies potentially malicious domains, you’ll need a strategy for addressing these threats. This guide provides best practices for managing detected threats effectively.

Prioritizing Threats

Not all threats require the same level of attention. Use the risk levels and attack classifications provided by Spoofchief to prioritize your response:

Immediate Action Required

  • Critical risk phishing sites
  • Active scams targeting your customers
  • Domains with high visual similarity to your legitimate site

Watchlist Threats

  • Moderate risk domains
  • Typosquatting domains that aren’t actively malicious
  • Suspicious domains without clear phishing indicators

Low Priority

  • Low risk domains with minimal brand similarity
  • Inactive domains
  • Domains with poor visual mimicry

Reporting Malicious Domains

When you identify a malicious domain, there are several channels for reporting it:

Domain Registrars

Most domain registrars have abuse reporting systems:

  1. Find the registrar information in the investigation details
  2. Visit the registrar’s website and locate their abuse form
  3. Submit the domain along with evidence from Spoofchief

Hosting Providers

If the domain is actively hosting malicious content:

  1. Identify the hosting provider from the ASN information
  2. Contact their abuse department
  3. Provide screenshots and details from Spoofchief

Anti-Phishing Organizations

Several organizations specialize in taking down phishing sites:

Protecting Your Customers

When malicious sites are targeting your customers, consider these protective measures:

Customer Alerts

  • Send notifications to customers about known phishing attempts
  • Provide examples of what to look for
  • Remind customers about your official communication channels

Website Warnings

  • Add security notices to your website
  • Create a dedicated page listing known scams
  • Provide a way for customers to report suspicious communications

Security Awareness

  • Use real examples from Spoofchief to create educational content
  • Show side-by-side comparisons of legitimate vs. fraudulent sites
  • Explain how to verify authentic communications

Documenting Incidents

Keep records of all identified threats for future reference:

  1. Take screenshots of the investigation results
  2. Document actions taken and responses received
  3. Track when domains become inactive
  4. Note patterns in attack types or timing

Ongoing Monitoring

Threat management is an ongoing process:

Regular Reviews

  • Check the Spoof Dashboard daily for new threats
  • Re-investigate suspicious domains periodically to track changes
  • Review inactive domains occasionally to ensure they haven’t been reactivated

Pattern Recognition

  • Look for patterns in domain registrations
  • Note common elements across multiple spoofed sites
  • Identify recurring attack methodologies

Preventative Measures

  • Consider registering common misspellings of your domain
  • Monitor for brand terms in new domain registrations
  • Review your website security regularly
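One way to automate the "monitor for brand terms in new domain registrations" item above, shown as an added example (it is not Spoofchief code and does not use the Spoofchief API). The brand label `examplebank`, the owned-domain list, the sample feed, the digit substitutions and the distance threshold are all assumptions made for illustration.

```python
# Added example: screen newly registered domains for brand resemblance.
# BRAND, OWNED, FEED and the thresholds are constructed for illustration.
BRAND = "examplebank"                      # hypothetical brand label, no TLD
OWNED = {"examplebank.com"}                # hypothetical legitimate domain
LOOKALIKES = str.maketrans("0135", "oles")  # digits often swapped for letters
FEED = ["examplebank.com", "examp1ebank.com", "examplebank-login.net",
        "exmaplebank.org", "secure-exampelbank.co", "gardening-tips.com"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain, brand=BRAND, owned=OWNED, max_dist=2):
    """Return why a domain resembles the brand, or None if it does not."""
    domain = domain.strip().lower().rstrip(".")
    if domain in owned:
        return None
    # Registration feeds list registrable names, so the first label is the
    # registered one (assumption about the feed format).
    label = domain.split(".")[0]
    folded = label.translate(LOOKALIKES)
    if brand in label:
        return "brand-term"
    if brand in folded:
        return "lookalike-chars"
    candidates = folded.split("-") + [folded.replace("-", "")]
    if min(osa_distance(c, brand) for c in candidates) <= max_dist:
        return "typo"
    return None


def scan(feed):
    """Map each flagged domain in the feed to the reason it was flagged."""
    return {d: r for d in feed if (r := classify(d))}


if __name__ == "__main__":
    for name, reason in scan(FEED).items():
        print(f"{reason:16} {name}")
```

For a short brand label, lower `max_dist` to 1, since a distance of 2 will match many unrelated names.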