Consider for a moment the stages involved in a traditional phishing attack:  Create the phishing page – either buried within a legitimate site or hosted on some temporary server Send out carefully socially engineered phishing emails requiring login for some reason – including the link to the phishing page Collect