Methodology

PhishNet public methodology

Public PhishNet pages use fixed snapshots, sanitized examples, source references, methodology notes and clear limits.

Request demoRead researchOpen dashboard

Direct answer

Can the methodology be cited? Yes. Use the citation page and stable URLs.

Snapshot-first model

Public pages read cached snapshots and static research. They do not trigger collection, liveness checks, screenshots, OCR, graph clustering or export jobs.

Confirmation states

Confirmed, corroborated suspicious, review candidate and context-only observations remain separate. Feed presence is not treated as liveness.

Country relevance

Country relevance is explained through brands, language, source, payment routes, phones, official baselines and evidence; it is not just TLD or IP geography.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge urlscan.io API documentation Microsoft Ad Library API Common Crawl CDX Index

Common questions

Can the methodology be cited?

Yes. Use the citation page and stable URLs.

Related reading

Static

How to cite PhishNet

Citation guidance for PhishNet public reports, data products and research pages.
Static

Public redaction policy

What PhishNet withholds from public pages and why.