Phishing attacks typically involve copying a webpage of a website and hosting the copied webpage on a phishing site, with or without modification, so that the phishing site appears the same or similar to the original website. A victim is tricked into visiting the phishing site and submitting sensitive information, such as login credentials, banking passwords, and credit card information, to the phishing site, with the false impression of submitting the sensitive information to the original website.
Phishing attacks constitute a major security concern and leads to heavy investments in prevention, detection and takedown of such attacks.
Prevention and mitigation of phishing usually focus on detecting and taking down attacks in an expedited fashion. However, many phishing campaigns are designed as opportunistic predators that attempt to obtain a large number of victims in small periods of time. A typical time window between the deployment of a phishing attack and its take-down may be large enough for the phishing campaign to generate some victims. Many phishing pages are active only for a short period of time (e.g., approximately three days, with the majority lasting less than a day). It is a challenge to identify and contact the victims in order to avoid future defrauding.