Risk Review Matrix

This page provides a structured framework for classifying the level of concern associated with a source under review. Each category includes a description, common signals, examples of what may trigger that classification, and a suggested course of action. Use this matrix in conjunction with the Verification Flow to arrive at an informed assessment.

Document type: Risk Classification Framework Last updated: April 12, 2026 Version: 1.0
Low Concern

Source Appears Consistent and Credible

A low concern classification indicates that the source under review does not exhibit significant signs of inauthenticity or misrepresentation. The domain, content, and trust signals are broadly consistent with what would be expected from a legitimate source.

Common Signals

  • The domain matches or closely aligns with the official reference source
  • Content quality and editorial standards are consistent throughout the site
  • Contact information is present and appears verifiable
  • Standard legal pages (terms, privacy) are available and coherent
  • No aggressive pop-ups, redirects, or intrusive behaviors observed

Example Triggers

  • A page on the official domain with minor cosmetic differences from other pages
  • Slightly outdated content that does not suggest deliberate deception
  • A regional variation of the official site with localized content
Suggested Action: No immediate action required. Continue to monitor if any new concerns arise. Bookmark this workspace for future reference.
Moderate Concern

Some Inconsistencies Noted

A moderate concern classification indicates that the source exhibits some inconsistencies that, while not conclusively deceptive, warrant attention. These may include minor deviations in presentation, incomplete information, or elements that do not fully align with the official reference.

Common Signals

  • The domain is similar to but not identical to the official reference
  • Some content appears to be adapted or paraphrased from the official source
  • Contact information is present but cannot be independently verified
  • Design elements are similar but exhibit noticeable differences in quality or consistency
  • Legal or compliance pages are present but appear generic or incomplete

Example Triggers

  • A domain using a different top-level extension (e.g., .net instead of .com) with similar content
  • A page that uses the official brand name but has a different visual identity
  • Content that references the official source but includes additional, unverified claims
Suggested Action: Document your observations and revisit the source after a period of time. If inconsistencies persist or new concerns emerge, consider filing a report through the Submission Desk.
Elevated Concern

Multiple Warning Indicators Present

An elevated concern classification indicates that the source exhibits multiple characteristics commonly associated with unauthorized or misleading content. The combination of domain discrepancies, content inconsistencies, and absent trust signals suggests that the source may not be what it represents itself to be.

Common Signals

  • The domain clearly deviates from the official reference, potentially using character substitution or misleading extensions
  • Content appears to be directly copied from the official source with minimal modification
  • Contact information is absent or clearly fabricated
  • The page lacks standard legal disclosures or compliance information
  • Trust indicators (security seals, certifications) are present but cannot be verified
  • The site was recently registered and has no established web presence

Example Triggers

  • A recently created domain that replicates the official site's layout and content
  • A page that uses the official brand's logos and imagery without authorization
  • Content that directs users to alternative contact channels or payment methods not associated with the official source
Suggested Action: File a detailed report through the Submission Desk. Include all relevant URLs, screenshots, and observations from your verification review. Avoid interacting further with the source until the report has been reviewed.
High Concern

Strong Indicators of Deliberate Deception

A high concern classification indicates that the source exhibits strong indicators of deliberate impersonation, fraud, or deceptive practices. The evidence suggests a purposeful attempt to mislead users by imitating the official reference source.

Common Signals

  • The domain is a clear imitation of the official reference, designed to confuse users
  • Content is directly copied with the apparent intent to deceive
  • The page requests sensitive personal or financial information under false pretenses
  • No legitimate contact information, legal disclosures, or compliance statements are present
  • The page employs aggressive tactics such as false urgency, misleading claims, or deceptive redirects
  • Multiple independent indicators from the verification flow confirm the source is not authentic

Example Triggers

  • A page that is a near-exact replica of the official site, hosted on a different domain
  • A source that collects login credentials or payment details while impersonating the official brand
  • A domain that uses typosquatting techniques to capture traffic intended for the official site
Suggested Action: Submit an immediate report through the Submission Desk with all available evidence. Do not provide any personal information to the source. If you believe you have already been affected, consider contacting the appropriate authorities in your jurisdiction.

Classification Guidance

Important Note

This risk matrix is intended as a practical guide for initial assessment. It does not constitute a definitive determination of legality or legitimacy. If you are uncertain about a classification, err on the side of caution and submit a report. All submissions are reviewed individually, and the integrity team will assess the concern based on the information provided.

Related: Verification Flow Related: Submission Desk