Unphish v2 Docs

Client reviewer

How to approve or reject enforcement actions in the client portal.

If your organization has asked you to review enforcement decisions on behalf of your brands, this is the guide for you. Your role is client_approver and your home is the client portal.

What you are doing and why

When the Unphish team identifies a threat against one of your brands, your client policy determines what happens next:

  • Auto-enforce — high-confidence cases proceed without your involvement. You see them in your reports.
  • Client approval required — the case is sent to you. The Unphish analyst recommends an action, and you approve, reject, or ask for more information.

Your decision is the final authorization before a takedown notice is sent to the registrar, hosting provider, social platform, or DNS partner. Take it seriously. The audit trail captures who approved what and when.

Your home: the review queue

Sign in and you land at /client/review. The review queue lists every case currently waiting for your decision. Each row shows:

  • The infringing URL or social handle.
  • The brand it targets.
  • The confidence and label assigned by the classification engine.
  • The Unphish analyst's recommendation.
  • How long it has been waiting.

Click any row to open the case detail.

Reviewing a case

The case detail gives you everything you need to decide:

  • Threat summary — what is being claimed about the page (phishing, fakeshop, impersonation, etc.) and why.
  • Evidence — desktop and mobile screenshots, the redirect chain, the DNS / WHOIS / SSL records, parsed HTML, and any extracted text.
  • Brand context — your authorized domains, social handles, trademarks, and proof of authorization, so you can confirm this is not legitimate.
  • Notes — the analyst's reasoning, plus any prior conversation on the case.

You have three actions:

  1. Approve — the analyst proceeds with the recommended channel. Add an optional note.
  2. Reject — the case is dismissed. You must select a reason: legitimate use, partner content, internal page, fair use, insufficient evidence, other (with note).
  3. Request more information — the case stays in your queue but pings the analyst with your specific question. The analyst replies in comments; you can request more, approve, or reject.

Every action is audited with your identity, scope, timestamp, and reason.

Submitting your own threats

If you spot a phishing or impersonation site we have not picked up, submit it from /client/submit:

  1. Paste the URL, email, domain, social handle, or app store link.
  2. The form suggests a report type (phishing, content abuse, copyright, trademark, etc.) and an issue type.
  3. Pick the brand it targets. The system will check your whitelist, scan for duplicates, and pull lightweight metadata.
  4. Optionally check "I authorize action if this is confirmed". If you have the client_approver role, this satisfies the approval requirement on your submission so the analyst can move directly to enforcement.
  5. Submit. The case appears in the analyst queue with source user_submission.

Cases and history

/client/cases is the searchable record of every case touching your brands. Filter by status, activity, brand, date, and outcome. Use it for audits, internal reporting, or to confirm a takedown was completed.

/client/reports lists your scheduled reports (weekly, monthly, custom) and lets you run on-demand reports for any date range. Reports cover detected, actioned, succeeded, blocked, needs-human, plus SLA, provider responsiveness, and watchlist changes.

Brand assets

The platform uses your brand assets — logos, official domains, social handles, trademarks, copyright references — both to detect impersonation and to populate enforcement payloads (a CleanDNS or DMCA notice needs your trademark registration; a Meta takedown needs your verified social handles).

Keep these current. /client/brands is where your client admin maintains them. If something is out of date, your admin can update it.

Notification preferences

/client/notifications lets you configure how you receive prompts to review cases:

  • In-app banner.
  • Email digest (immediate, hourly, daily).
  • Slack webhook.
  • Custom webhook.

If you are reviewing cases as part of your job, configure at least one notification channel that fits your working style.

What you cannot do (and that is intentional)

  • You cannot approve or modify enforcement on cases for clients you do not have access to. Membership is enforced.
  • You cannot delete or alter case history. Closure and dismissal are reversible only by the Unphish team via audited actions.
  • You cannot manage other client users or change their roles — that is your client admin's job.
  • You cannot see Hub or platform-level pages. Those are operator surfaces.

If you need something the portal does not let you do, contact your client admin or the Unphish team.
