Egidio
Transparency · Methodology

How we source and verify our content

This site publishes figures about scams: loss volumes, victim counts, fraud mechanisms. Here are the rules we follow to write them — the same rules for every page, every market, every language.

The base rule

No figure is published without a named, dated source. Every page of the Threat Laboratory cites its sources in context, at the point where the figure appears. The /sources/ page lists them all, market by market, with the date we consulted them.

Claimed is not confirmed

In a data breach or a cyberattack, the attacker often claims a larger volume than an investigation later confirms — sometimes the reverse. When both figures exist, we publish both, clearly distinguished. The figure confirmed by an authority takes precedence over the figure claimed by an interested party.

France Titres. The hacker claimed 19 million records. France's Interior Ministry confirmed 11.7 million. We cite both figures, with their respective source.
Japanese hospital. The first disclosed count put roughly 10,000 patients at risk. The full investigation raised that figure to roughly 130,000. We date each version and indicate which one is final.

Omission over invention

When the available sources contradict each other too widely to be reconciled, we do not publish an average or approximate figure: we write that down plainly.

Example. The price of a medical record on black markets ranges, depending on the blogs consulted, from a few cents to several hundred euros — too wide a spread to be reliable. We do not settle on a single figure in this case; we describe the range and its uncertainty.

A missing section is better than an invented statistic.

Who we cite — and who we don't

Admitted: public authorities (police, regulators, central banks, national CERTs), established press, academic studies, consumer associations, documentaries produced by established broadcasters.

Not admitted: social media creator content, however serious. One exception: official accounts of public institutions. In that case, we cite the institution and its campaign — never the platform it was posted on.

People are never the subject

Victims are described, never named, even when our source names them. We document patterns — how a scam progresses, what signals betray it — not accusations against individuals. Religious communities and diasporas are always treated as the protected victim, never as the suspect.

Mechanisms, not geopolitics

On hybrid threats, we describe the mechanisms documented by multilateral organizations — how an attack works technically — without naming states, even when our sources do.

We read the sources, not their summaries

Every fact is checked against the primary document — report, press release, article — before publication. Automated summaries, including those produced by search engines, contain errors. We have caught and discarded several during this work.

What is dated stays dated

Every source we cite carries the date we consulted it. An old statistic is presented as such, never reworded to look recent.

The complete list of our sources, market by market, with consultation dates, is public: /sources/.

The threat understood becomes the protection — it starts with verified facts.