Methodology

How the score actually works.

We're skeptical of black-box scores too. Here's exactly what feeds the number and what doesn't.

Two scores, not one

We split signals along two axes so a real company with a sketchy hiring practice doesn't get masked by overall legitimacy.

Legitimacy Score (0–100)

Does this entity exist as it claims? Business registration, domain age and ownership stability, employee/hiring footprint, public records, news presence, address consistency.

Scam-Risk Score (0–100)

Does this look like a known fraud pattern? Ghost-office signals, fake-recruiter patterns, shell-company layering, hiring bait, payment-up-front asks, identity-imitation of legitimate firms.

Source categories

We cross-reference categories, not single sources. A claim from one feed gets weighted by corroboration from others. We name categories; we don't name vendors.

Business registries

National + EU corporate registries, beneficial ownership disclosures.

Domain & infrastructure

WHOIS, DNS history, hosting fingerprint, certificate transparency.

News & press

Established outlets, niche industry press, archive history.

Sanctions & compliance

OFAC, EU consolidated sanctions, watchlists, court records (where public).

Hiring footprint

Public job postings, recruiter activity, role distribution, regional patterns.

Social & professional

Profile age, employee corroboration, network density, suspicious-pattern detection.

Web presence

Site age, content depth, broken links, template reuse across known scams.

Known-scam patterns

Our internal library of confirmed scam playbooks updated continuously.

Confidence levels

Every finding carries a confidence band. A score with thin evidence is not the same as a score with thick evidence.

High

Multi-source corroboration, primary documents present.

Medium

Some corroboration, some inference, no contradictions.

Low

Single-source or inferred. Useful as a lead, not a conclusion.

Limitations — what we can't see

Private financial data unless disclosed publicly.

Internal culture beyond what employees write about it.

Real-time fraud — we lag a new scam playbook by days to weeks until our pattern library updates.

Jurisdictions with opaque registries (some offshore, some emerging markets) give us thinner ground truth.

Companies that share names with legitimate firms can mislead naive lookups — we surface disambiguation when this happens.

What we don't do

— We don't notify or contact the company you investigate.

— We don't sell investigation history to anyone, ever.

— We don't pretend a 'green' verdict means safe — it means clear signals point that way.

— We don't suppress findings to flatter a customer.

Read the methodology, then test it.

Run an investigation against a company you already know well. If our verdict surprises you, tell us why.