Threat: Phishing & impersonation

Fake EU Digital Services Act Article 16 / 22 trusted-flagger takedown-notice impersonation lure: "DSA Article 16 trusted flagger takedown notice has been issued for illegal content on your account; you have 24 hours to appeal via the Digital Services Coordinator portal", spoofing the DSC (Digital Services Coordinator). Targets content creators, brand-protection teams, and platform-trust-and-safety admins. The DSA Art. 16 / 22 / 23 takedown machinery is now live across VLOPs / VLOSEs (very large online platforms / search engines), giving attackers a real regulatory pretext. Lookalike DSC portals harvest platform-admin credentials, content metadata, and creator-account access. Real DSC takedown notices come through formal platform-trust-and-safety channels, never via an inbound email link from an unfamiliar domain. Source: GC1 R8 multi-agent council (S3 EU-reg specialist).

fake-dsa-trusted-flagger-takedown-notice-impersonation-lure

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

This signal covers the fake EU Digital Services Act Article 16 / 22 trusted-flagger takedown-notice impersonation lure targeting content creators, brand-protection teams, and platform-trust-and-safety admins. The phish narrative arrives as: "A Digital Services Act Article 16 trusted flagger takedown notice has been issued for illegal content on your account — you have 24 hours to appeal via the Digital Services Coordinator portal," or "The Digital Services Coordinator issued an Article 22 trusted flagger removal notice — action required to appeal within 24 hours or content will be permanently removed."

The DSA Art. 16 (illegal-content notices) / Art. 22 (trusted flagger) / Art. 23 (suspension of repeat offenders) takedown machinery is now live across VLOPs / VLOSEs (very large online platforms and search engines per DSA designation thresholds), and DSC (Digital Services Coordinator) member-state authorities have been issuing real takedown / appeal notices through 2025-2026, giving attackers a credible regulatory pretext.

Lookalike DSC portals harvest platform-admin credentials, content metadata, and creator-account access. After compromise the attacker (1) takes over the creator's monetized social presence (YouTube / Instagram / TikTok / Substack creator-economy revenue redirect), (2) exfiltrates the content production pipeline (drafts, sponsorship contracts, audience analytics), and (3) impersonates the creator to pivot to additional brand-protection compromises.

Real DSC takedown notices come through formal platform-trust-and-safety channels (the platform itself relays the notice to the affected user via in-app inbox, not external email), follow specific Art. 16 procedural requirements with the option to dispute via the platform internal-complaint mechanism (Art. 20) or out-of-court dispute-settlement body (Art. 21), and never demand external-portal credential entry via an inbound email link from an unfamiliar domain.

Fires when body references Digital Services Act / DSA / trusted flagger / Article 16 / Article 22 / Article 23 / illegal content / takedown notice / DSC / Digital Services Coordinator AND contains appeal / remove / removal / 24 hours / action-required / permanently-remove urgency. Excludes ec.europa.eu, digital-strategy.ec.europa.eu, transparency.dsa.ec.europa.eu, and the broader .europa.eu umbrella. Auto-classified as danger via the `-lure` suffix. Source: GC1 R8 multi-agent council (S3 EU-reg specialist).
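
The rule described above, sketched as an added example (not Gorganizer's own code). It assumes the exclusion is evaluated against the From-header domain; the function names, regular expressions and sample messages are constructed for illustration. The suffix check matches on a label boundary so that a lookalike such as `europa.eu.dsc-appeals.example` is not excluded.

```python
import re
from email.utils import parseaddr

# Topic and urgency vocabularies taken from the rule description above.
TOPIC = re.compile(
    r"\b(digital services act|dsa|trusted flagger|article (?:16|22|23)|"
    r"illegal content|takedown notice|dsc|digital services coordinator)\b",
    re.IGNORECASE,
)
URGENCY = re.compile(
    r"\b(appeal|remove|removal|24 hours|action[- ]required|permanently[- ]removed?)\b",
    re.IGNORECASE,
)
EXCLUDED_SUFFIX = "europa.eu"  # covers ec., digital-strategy., transparency.dsa.

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the From address, or '' if there is none."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_excluded(domain: str) -> bool:
    """Match europa.eu itself or a true subdomain, never a lookalike string."""
    return domain == EXCLUDED_SUFFIX or domain.endswith("." + EXCLUDED_SUFFIX)

def dsa_lure_signal(from_header: str, body: str) -> bool:
    """True when topic AND urgency terms co-occur and the sender is not excluded."""
    if is_excluded(sender_domain(from_header)):
        return False
    return bool(TOPIC.search(body)) and bool(URGENCY.search(body))

# Constructed sample messages (not real mail).
SAMPLES = [
    ("DSC Portal <notice@dsc-appeals.example>",
     "A DSA Article 16 trusted flagger takedown notice has been issued. "
     "You have 24 hours to appeal."),
    ("DSC <notice@europa.eu.dsc-appeals.example>",
     "Article 22 removal notice: action required or content is permanently removed."),
    ("DSA Transparency <noreply@transparency.dsa.ec.europa.eu>",
     "Digital Services Act transparency report: removal statistics."),
    ("Newsletter <news@policy-weekly.example>",
     "Our explainer on how the Digital Services Act defines a trusted flagger."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(dsa_lure_signal(sender, body), sender)
```

A From header is attacker-controlled, so a domain exclusion like this is only meaningful when applied to a sender domain that has passed SPF/DKIM/DMARC alignment.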

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
