How can I, as a trusted user of an intermediary company (such as PhishTank), check if a phishing site is valid if the scam is not listening? only on a single referent link (created randomly) and blocks any other access method?
To stage a threat scenario.
An attacker has sent an email to a local bank agent. This email is very similar to the official email of an employee of their company located at a higher level and the time has been planned. Later, they detect that it was a phishing attack by a former employee. They report the attack on PhishTank (for example), but they can not verify it because the link does not allow direct access (only with a single referent as in the email). How can they still check if there is a valid report?
Now the real question,
On a technical level, how does such an attack work?