Operational guide

CERT handoff pack example

A handoff pack should make action easier by bundling evidence, graph context, liveness, the affected brand, source provenance, the analyst decision and a safe next action.

Direct answer

What is a CERT handoff pack? A structured evidence package for response, takedown, sharing or investigation.

Research framing

Many phishing reports fail because they contain only a URL. Operational handoff requires proof and context.

Attack mechanism

A PhishNet pack can include screenshots, redirect chains, source refs, archive refs, graph links, liveness state, campaign/kit context, mule-route signals and export history.

Evidence and source model

Evidence readiness is measured before action: preserved page, source provenance, timestamp, confidence, legal/safety status and affected entities.
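
A readiness gate over the six items listed above, as an added example (not PhishNet code or its export schema). The field names, the `cleared` status value, the 72-hour freshness window and the sample packs are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# The six readiness items come from the text above; the field names
# are hypothetical and do not reflect PhishNet's real schema.
REQUIRED = ("preserved_page", "source_provenance", "observed_at",
            "confidence", "legal_safety_status", "affected_entities")

def readiness_gaps(pack, now, max_age_hours=72):
    """Return the reasons a pack is not ready for handoff (empty list = ready)."""
    gaps = [f"missing:{k}" for k in REQUIRED if pack.get(k) in (None, "", [], {})]
    ts = pack.get("observed_at")
    if ts:
        try:
            seen = datetime.fromisoformat(ts)
            if seen.tzinfo is None:
                gaps.append("timestamp:no_timezone")  # ambiguous for a recipient abroad
            elif seen > now:
                gaps.append("timestamp:in_future")
            elif (now - seen).total_seconds() > max_age_hours * 3600:
                gaps.append("timestamp:stale")
        except (ValueError, TypeError):
            gaps.append("timestamp:unparseable")
    conf = pack.get("confidence")
    if conf is not None and not (isinstance(conf, (int, float)) and 0 <= conf <= 1):
        gaps.append("confidence:out_of_range")
    if pack.get("legal_safety_status") not in (None, "", "cleared"):  # assumed value
        gaps.append("legal_safety:not_cleared")
    return gaps

def to_jsonl_row(pack, now):
    """One JSONL line per pack, so the gate result travels with the export."""
    gaps = readiness_gaps(pack, now)
    return json.dumps({"id": pack.get("id"), "ready": not gaps, "gaps": gaps}, sort_keys=True)

# Constructed sample input: a complete pack, a partial one, and a URL-only report.
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_PACKS = [
    {"id": "pack-001", "preserved_page": "vault-ref-placeholder",
     "source_provenance": ["user-report", "feed-a"], "confidence": 0.9,
     "observed_at": "2024-05-02T09:30:00+00:00",
     "legal_safety_status": "cleared", "affected_entities": ["example-brand"]},
    {"id": "pack-002", "source_provenance": ["feed-a"], "confidence": 0.4,
     "observed_at": "2024-04-20T08:00:00+00:00",
     "legal_safety_status": "pending", "affected_entities": []},
    {"id": "pack-003", "url": "hxxps://example.invalid/login"},
]

if __name__ == "__main__":
    print("\n".join(to_jsonl_row(p, NOW) for p in SAMPLE_PACKS))
```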

Belgian and European relevance

Belgian handoff packs can show FSMA/Safeonweb overlap, public-sector impersonation, BIPT phone context, local brand abuse and Benelux campaign reuse.

How PhishNet operationalizes this

PhishNet exports PDF summaries plus CSV/JSONL/STIX/MISP rows for downstream systems.

Analyst implications

The operational question is not whether an isolated row looks interesting. The question is whether the signal is fresh, provenance-rich, corroborated, evidence-ready and connected to brands, sectors, infrastructure, kits, mule routes or public-warning context. PhishNet therefore presents confirmed, corroborated suspicious, review-candidate and context-only states separately.

Limits and uncertainty

The public example stays sanitized; authenticated users see operational values and restricted vault refs according to role.

Research takeaway

Phishing intelligence becomes valuable when repeated structure appears: the same brand on new infrastructure, the same kit across domains, the same phone or IBAN route after takedowns, the same ad/search pathway, or the same evidence pattern in multiple independent source families.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

Common questions

What is a CERT handoff pack?

A structured evidence package for response, takedown, sharing or investigation.

Does PhishNet automate takedown?

It prepares evidence and exports; external action remains controlled and auditable.
