Dataset methodology

Belgian phishing OSINT dataset methodology

Dataset trust depends on reproducibility: source families, snapshot date, filters, redaction policy, confirmation states and known gaps must be visible.

Request demoRead researchOpen dashboard

Direct answer

Can public datasets be cited? Yes, public research pages include canonical URLs and citation snippets.

Research framing

Phishing datasets are biased by collection source, reporting behavior, takedown speed, language and platform coverage.

Attack mechanism

PhishNet separates open feeds, regulator warnings, CT evidence, URL evidence, ads/search, active OSINT categories, artifact capture and official baselines.

Evidence and source model

Every dataset should include schema, snapshot date, source families, redaction status, evidence readiness, liveness coverage and confidence logic.

Belgian and European relevance

Belgian datasets require local brand aliases, Dutch/French lures, public-sector themes, FSMA overlap, BIPT context, and non-local TLD targeting.

How PhishNet operationalizes this

The platform publishes public-safe summaries and offers authenticated operational exports for approved buyers or research partners.

Analyst implications

The operational question is not whether an isolated row looks interesting. The question is whether the signal is fresh, provenance-rich, corroborated, evidence-ready and connected to brands, sectors, infrastructure, kits, mule routes or public-warning context. PhishNet therefore presents confirmed, corroborated suspicious, review-candidate and context-only states separately.

Limits and uncertainty

Counts should never be read as total crime prevalence; they measure observed and normalized platform coverage.

Research takeaway

Phishing intelligence becomes valuable when repeated structure appears: the same brand on new infrastructure, the same kit across domains, the same phone or IBAN route after takedowns, the same ad/search pathway, or the same evidence pattern in multiple independent source families.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge

Common questions

Can public datasets be cited?

Yes, public research pages include canonical URLs and citation snippets.

Do public datasets expose raw IOCs?

No. Public examples are redacted and high-level.

Related reading

Solutions

Phishing dataset access for research institutions

Reproducible public snapshots and authenticated graph-backed datasets for universities, labs and policy institutes.
Knowledge

Phishing OSINT research

How open-source phishing research becomes operational intelligence for public-sector and CERT teams.