Direct answer
Why track IBANs and phones? They reveal monetization and social-engineering routes that domain-only feeds miss.
Brand attack intelligence
Track attacked brands, lookalikes, TLD migration, ad/search abuse, customer-support spoofing and liveness/evidence readiness.
Fraud route graph
Connect domains, URLs, phones, IBANs, wallets, WhatsApp/Telegram handles, QR payloads and payment references across campaigns.
Actionable exports
Daily deltas, confirmed domains, confirmed URLs, mule routes, fake financial platforms and campaign clusters can be exported with provenance and confidence.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
Why track IBANs and phones?
They reveal monetization and social-engineering routes that domain-only feeds miss.
Can review candidates be exported?
Yes, with explicit state, confidence, source tier and evidence links so downstream teams can apply their own policy.