Protecting UK Families & Businesses Knowledge is power — we make sure you have it
Menu ☰
CyberAware UK
Live Threat Intel
CyberAware UK
Home 🔍 Search
Live Threat Intel
Been Scammed? Start Here
Lock It Down
Scams & Money
Reviews & Tests
Know Your Stuff
Go Deeper
Careers
About Us

Methodology

CyberAware UK — How Our Intelligence Works

Last updated: 7 July 2026

This page explains how CyberAware UK gathers, processes, and publishes threat intelligence. We believe in transparency — you should know exactly where our numbers come from and how we produce our alerts.


1. DarkWatch — Our Dark Web Monitoring Pipeline

DarkWatch is our automated threat intelligence system. It continuously monitors threat sources and feeds our scam alerts, daily briefings, and threat dashboard.

1.1 What we monitor

Our pipeline currently tracks 18 active target sources, which include:

Source Type Examples What We Gather
Dark web forums Russian-language carding forums, bulletproof hosting marketplaces Stolen data listings, scam kit sales, exploit advertisements
Telegram channels Fraud-focused channels (publicly accessible) Scam scripts, phishing links, recruitment posts
RSS feeds UK fraud alerts, cybersecurity news feeds Official scam warnings, data breach notifications, law enforcement updates
OSINT sources Public breach databases, threat intel feeds Credential dumps, compromised accounts, malware indicators
Social media monitoring Public X/Twitter accounts discussing UK fraud Trend identification, new scam techniques
News aggregation UK news outlets covering fraud and cyber crime Case studies, loss figures, enforcement actions

Our pipeline does not access private Telegram channels, dark web markets requiring registration, or any illegal content. All monitoring is of publicly accessible sources.

1.2 How "captures" are counted

"14,000+ captures analysed" refers to the cumulative number of individual intelligence items (articles, posts, alerts, reports) that our pipeline has fetched, classified, and stored since tracking began. Each item is:

  1. Fetched — retrieved from the source via RSS, API, or scraper
  2. Classified — categorised by type (scam alert, data breach, threat intel, general news)
  3. Scored — assessed for relevance and severity using keyword matching and signal detection
  4. Stored — saved to our intelligence database for analysis and reporting

This is an automated process. Not every captured item is published — only those that meet our relevance and severity thresholds are included in briefings and alerts.

1.3 Refresh cadence

Source Type Refresh Rate
RSS feeds Every 6 hours
Telegram channels Every 2 hours (via web scraping)
OSINT feeds Daily
News aggregation Daily at 9am
Social media monitoring Every 2 hours (limited by platform access)

Our pipeline runs continuously, but intelligence is curated and published on a daily cycle. The live dashboard (/dashboard) updates with the most recent intelligence after each pipeline run.

1.4 Pipeline tracking numbers

The numbers displayed on our site are updated from our SQLite intelligence database:

Numbers shown on /darkwatch, /dashboard, and /advertise are pulled from the same database backend that powers our threat alerts.


2. Scam Database

Our scam database (/scams) contains curated information on 30+ active scam types targeting UK residents. This data is compiled from:

Each scam entry includes the technique, a UK-specific example, relevant statistics (with source attribution), and a protection guide.


3. Scam Loss Figures

The £3.4B figure referenced on the site is the UK Finance 2025 Annual Fraud Report total fraud loss for the UK. This is a publicly available industry statistic. We cite it to show the scale of the problem. Individual scam type breakdowns (e.g., phone scam losses, phishing losses) are also sourced from UK Finance, Action Fraud, or other official UK bodies.

Loss figures on individual scam pages are attributed to their source where possible. Where a figure combines multiple sources, we note this.


4. Podcast

The CyberAware UK podcast (/episodes) is an editorial production. Episodes are produced based on:

Each episode is a plain-English summary of current threats. We do not claim investigative journalism — we explain what we're seeing in our monitoring and what it means for UK families.


5. Reviews and Product Affiliate Content

Product reviews on our site are based on:

We disclose affiliate relationships where they exist. As an Amazon Associate we earn from qualifying purchases. Other links may also be affiliate links. This does not affect the content of our reviews or recommendations.

Our review scores represent our assessment based on available information. We recommend cross-referencing with independent third-party review sites before making purchasing decisions.


6. Limitations and Caveats


7. Updates to this methodology

We review and update this methodology as our pipeline evolves. Significant changes will be noted in our newsletter or on this page.

If you have questions about our methodology, contact us via: https://cyberawareuk.co.uk/ask