Fake NIS2/CSIRT 24h/72h mandatory incident disclosure lure — deadline + off-official-domain link.
nis2-csirt-phish
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Fake NIS2 Directive (EU 2022/2555) / CSIRT 24h or 72h mandatory incident disclosure lure. NIS2 requires essential entities to submit early warning within 24h and detailed report within 72h; non-compliance fines reach €10M. Attackers impersonate ENISA, CSIRT, NCSC, or cert.se with fake deadline notices linking to off-official portals. Fires when: NIS2/CSIRT/ENISA vocabulary + 24h/72h urgency + all hrefs off enisa.europa.eu/ncsc.gov.uk/cert.se/msb.se + no List-Unsubscribe + no In-Reply-To. Source: GE-R8; ENISA NIS2 guide 2024.
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
Get started