Scoring guide

Evidence readiness scoring guide

Evidence readiness prevents noisy observations from being treated as complete cases.

Request demoRead researchOpen dashboard

Direct answer

Is evidence readiness the same as confidence? No. Confidence is how strongly the signal supports a conclusion; readiness is how complete the evidence package is.

Research framing

Evidence readiness measures whether a signal has enough preserved context to support action.

Attack mechanism

Inputs include source provenance, screenshot or archive, redirect chain, liveness, extracted entities, source overlap, official warning match, analyst decision and graph relationships.

Evidence and source model

The score is not a danger verdict. It is a measure of operational completeness and traceability.

Belgian and European relevance

For Belgian cases, readiness often improves when local brand, language, phone, IBAN, FSMA/Safeonweb, BIPT or public-sector context is present.

How PhishNet operationalizes this

PhishNet surfaces readiness in feeds, Evidence, Ads Review, Kit Intelligence, Handoff Pack and research dataset exports.

Analyst implications

The operational question is not whether an isolated row looks interesting. The question is whether the signal is fresh, provenance-rich, corroborated, evidence-ready and connected to brands, sectors, infrastructure, kits, mule routes or public-warning context. PhishNet therefore presents confirmed, corroborated suspicious, review-candidate and context-only states separately.

Limits and uncertainty

Missing evidence should result in a review task or data gap, not an inflated confirmed label.

Research takeaway

Phishing intelligence becomes valuable when repeated structure appears: the same brand on new infrastructure, the same kit across domains, the same phone or IBAN route after takedowns, the same ad/search pathway, or the same evidence pattern in multiple independent source families.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge

Common questions

Is evidence readiness the same as confidence?

No. Confidence is how strongly the signal supports a conclusion; readiness is how complete the evidence package is.

Why show data gaps?

Because action teams need to know what is missing before escalating or exporting.

Related reading

Knowledge

Phishing evidence and takedown

How evidence, provenance and human approval turn intelligence into safe action.
Platform

CERT handoff pack example

What an evidence-ready phishing handoff package should contain for CERT and abuse workflows.