Helpdesk phishing — fake support ticket + verify identity to view reply (credential harvest)
helpdesk-phishing
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Body contains both a support-ticket notification ("you have a new support ticket", "our support agent has replied to your case", "your helpdesk ticket has been updated") AND a verify-identity-to-view demand ("verify your identity to access the ticket", "identity verification required to view the reply", "click to confirm your account to open the support message"). Real helpdesk tools (Zendesk, Intercom, Freshdesk) give you a direct link to the reply — they never ask you to verify your identity or confirm your account credentials before you can read a support message. This gating step is unique to the phishing variant and signals a credential-harvesting login page.
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
Get started