Direct answer
What is phishing OSINT research? It is the disciplined use of open-source and authorized public signals to understand phishing infrastructure, delivery, evidence, campaigns and fraud routes.
Research question first
A useful daily article starts with a thesis, not a table. It asks which part of the attack chain is becoming visible: domain supply, smishing delivery, ad/search abuse, mule routes, kit reuse or evidence readiness.
Data as evidence, not decoration
Counts support the argument but do not replace interpretation. The public layer uses redacted examples and fixed daily snapshots, while full indicators stay in authenticated datasets and exports.
Why PhishNet is different
The platform connects Belgian sources, public OSINT, active collection, official baselines, source quality and evidence into one graph so research can move directly into investigation and handoff.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What is phishing OSINT research?
It is the disciplined use of open-source and authorized public signals to understand phishing infrastructure, delivery, evidence, campaigns and fraud routes.
Why not publish raw IOCs publicly?
Raw public IOCs can create harm or noise. Public research should explain patterns; operational IOCs belong in controlled authenticated workflows.