Fraudulent Tracking

The Fraudulent Tracking tab in Brand Protection is a powerful workspace designed to monitor, validate, and manage fraudulent activities targeting your organization across social media, messaging platforms, and websites. AttackMetricx centralizes all fraudulent reports, provides full investigative context, and equips teams with tools to take swift action against impersonation and abuse.

By consolidating URLs, metadata, screenshots, and evidence into one streamlined view, this module ensures that every fraudulent incident is logged, validated, and traceable from detection to takedown. It transforms what is often a manual, chaotic process into a professional, auditable workflow that demonstrates the true strength of the platform.

Whitelisted URLs

Within the Fraudulent Tracking tab, organizations sometimes encounter links that, although similar to fraudulent patterns, are in fact legitimate and trusted (e.g., official partner pages, verified social accounts, or approved third-party links). To prevent these from being misclassified as fraudulent, the platform provides the Submit Whitelisted URL feature.

How it works:

• Clicking the Submit Whitelisted URL right top button opens a form where users can paste one or multiple URLs.

• Once saved, these entries are treated as safe and excluded from fraudulent detection results, ensuring that the dashboard only highlights true risks.

This capability demonstrates the precision of AttackMetricx, giving customers complete control to fine-tune monitoring according to their real-world brand landscape.

Submit Fraud

The Submit Fraud feature allows organizations to directly report and register fraudulent assets (e.g., fake social media pages, impersonating websites, or malicious ads) inside the platform. This ensures that any unauthorized use of your brand is captured, tracked, and managed systematically.

How it works:

• Click Submit Fraud to open the submission form.

• Enter one or multiple fraudulent URLs that represent fake accounts, phishing sites, or other brand impersonations.

• Click Save to add these fraudulent entries into the tracking system.

Why it matters:

• Every fraud submission creates an official record in Fraudulent Tracking, making it visible to your team for investigation and action.

• These records can then be assigned a severity level, status, and linked with evidence such as screenshots or metadata.

Refresh Button

The Refresh button allows customers to instantly validate the status of fraudulent URLs already being tracked.

• Purpose:

  Instead of waiting for scheduled checks, customers can trigger a real-time verification to see if any URLs have been successfully taken down since the last review.

• How it works:

  • When pressed, the system checks all pending or unresolved fraudulent URLs.

  • It revalidates their availability across platforms (e.g., Facebook, Instagram, Telegram).

  • If a URL has been removed, its status is automatically updated in the dashboard.

• Confirmation Prompt:

  Upon clicking, a confirmation message appears:

  “This refresh will check the status of URLs that have not been taken down and verify if any new URLs have been taken down.”

  Customers can either proceed (Yes Do It) or cancel the action.

Key Metrics Overview

At the top of the Fraudulent Tracking tab, the system provides a set of real-time performance metrics that summarize takedown activities and analyst engagement. Each of these widgets is clickable allowing users to instantly drill down and view the exact cases behind the number.

• Total Completed Takedowns

  Shows the cumulative number of fraudulent cases successfully taken down. Clicking it opens the full list of completed takedowns.

• Completed Takedowns Last 24 Hours

  Highlights takedown actions resolved in the past 24 hours. If no entries exist, it confirms no new takedowns were finalized during this period.

• Completed Takedowns Last Week

  Displays all cases removed in the last 7 days. Clicking gives quick visibility into short-term progress.

• Completed Takedowns Last Month

  Tracks fraudulent entries that were taken down within the last 30 days, helping measure monthly activity trends.

• Total Team Notes

  Shows the number of analyst notes or comments added across all cases. By clicking, users can quickly access and review collaboration logs tied to fraudulent entries.

These metrics provide at-a-glance visibility into overall takedown performance, ensuring organizations not only track threats but also measure the efficiency of their response.

Filtering

To help organizations efficiently manage large volumes of fraudulent entries, AttackMetricx provides powerful filtering options placed above the fraud list. These filters allow users to refine and focus on the most relevant incidents:

• Established Date – Limit results by timeframe (Last Day, Last Week, Last Month, Last Year, More than a Year, or Custom range).

• Platform – Filter by the source platform such as Facebook, Twitter, YouTube, Instagram, WhatsApp, Telegram, Websites, or X.

• Status – Organize cases by workflow stage (To Check By Customer, Takedown Completed, Takedown Rejected, In Progress, Reviewed, Out of Scope).

  • To Check By Customer – The case has been logged but requires the customer to review and confirm before further action is taken.

  • Takedown Completed – The fraudulent content has been successfully removed from the platform.

  • Takedown Rejected – The takedown request was denied (e.g., by the hosting provider or platform).

  • In Progress – The case is actively being investigated or under takedown processing.

  • Reviewed – The case has been assessed and verified, but no takedown action has been initiated yet.

  • Out of Scope – The fraudulent activity does not fall within the defined monitoring or response scope (e.g., irrelevant platform, non-actionable content).

• Severity – Prioritize based on impact level (Critical, High, Medium, Low, Info).

• Whitelisted – Distinguish between safe entries (Yes) and confirmed fraudulent ones (No).

• More – Access advanced filters, including:

  • Added By – Who created the fraud entry.

  • Added Date – When it was first logged.

  • Modified By – Who last updated the record.

  • Modified Date – When the most recent update occurred.

These filters ensure customers can instantly pinpoint the most relevant cases, avoiding noise and focusing only on actionable threats.

Fraudulent List (Fraud Card Details)

Every fraudulent entry is displayed in a dedicated fraud card, consolidating all important information in one place:

• Fraud Link – The malicious URL (e.g., https://www.nkeonleem.info/).

• Fraud Established Date – When the system first verified the fraudulent activity.

• Case ID – A unique identifier for tracking (e.g., #662).

• Severity – Assigned risk level (Critical, High, Medium, Low, Info).

• Whitelisted – Shows if the entry has been marked as safe (Yes/No).

• Added Date – When the case was created in the system.

• Added By – The user or process that logged the fraud.

• Modified Date – Last update timestamp.

• Modified By – Indicates whether the update was system-driven or manual.

• Status – Current stage in the workflow (Completed, In Progress, Rejected, etc.).

• Attach Screenshot – By clicking the image icon on the right side of the card, you can upload a screenshot of the fraudulent website or account as supporting evidence. This enhances verification and documentation for audits or escalation.

• Action Icons

  At the top-right of each Fraud Card, you will find a set of quick-action icons. These icons provide instant access to core functions without needing to open the full details of the fraudulent case:

  1. Delete (Trash Icon)

  • Removes the fraudulent entry from the system.

  • This should only be used if the entry was added by mistake or confirmed as irrelevant.

  1. Timeline (Graph Icon)

  • Opens a visual timeline of the fraud case lifecycle.

  • Displays milestones such as when the fraud was created, takedown requests sent, takedown completed, and investigation updates.

  • Helps teams quickly understand the progress and actions taken at different stages.

  1. History (Clock Icon)

  • Opens the Fraud History Log.

  • Shows a detailed tabular record of all actions taken against the fraudulent activity, including:

    • Action type (Fraud Created, Request Takedown, Completed, Comment Added, Out of Scope, etc.)

    • User/System who performed the action

    • Timestamps of when the actions occurred

  • Ensures traceability, accountability, and transparency for every step.

  1. URL Refresh (Circular Arrows Icon)

  • Re-validates the fraudulent URL’s status in real time.

  • On click, the system checks if the fraudulent link is still active or if it has been successfully taken down.

• View Full Details – When you expand a fraud case using View Full Details, two extra functions are available to enhance evidence collection and case tracking:

1. Add Post

• Used when a fraudulent page has multiple posts (ads, links, or content pieces) tied to the same fraud case.

• Clicking Add Post lets you:

  • Insert the fraudulent post URL.

  • Upload a screenshot or attachment as proof.

  • Save the post as a separate sub-entry under the case.

• Each post has its own Post ID, Status, Timestamps, and Manage Files section, ensuring investigators can treat them independently.

2. Add Update

• Designed for recording investigation notes, customer feedback, or workflow actions.

• Updates appear as a thread of comments linked to the case.

• Each update includes:

  • Content of the note.

  • Author (system or analyst).

  • Timestamp of creation.

  • Option to delete irrelevant notes.

• This allows full traceability, showing exactly what was done, when, and by whom.

At the bottom-left corner of each fraud case card, the system displays a quick counter showing:

• Posts – The total number of fraudulent posts or ads recorded under this case.

• Notes – The total number of investigation notes or updates added by analysts or customers.