Direct answer
Is every lookalike malicious? No. Lookalikes need corroboration, evidence, liveness or analyst review.
What this solves
PhishNet separates official baselines, lookalikes, suspicious registrations, ad/search abuse, fake support pages and confirmed phishing.
Key workflows
Brand Attack Intelligence, CT early warning, Ads Review, evidence archiving, campaign clustering and takedown preparation.
Outcome
Teams focus on verified, corroborated or evidence-ready abuse instead of chasing weak matches.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
Is every lookalike malicious?
No. Lookalikes need corroboration, evidence, liveness or analyst review.
What does evidence-ready mean?
The platform has preserved artifacts and enough provenance to support operational action.