This paper describes a novel approach to profiling
phishing emails based on the combination of multi-
ple independent clusterings of the email documents.
Each clustering is motivated by a natural representa-
tion of the emails. A data set of 2048 phishing emails
provided by a major Australian financial institution
was pre-processed to extract features describing the
textual content, hyperlinks and orthographic struc-
ture of the emails. Independent clusterings using dif-
ferent techniques were performed on each representa-
tion, and these clusterings were then ensembled using
a variety of consensus functions. This paper concen-
trates on using several clustering approaches to de-
termine the most likely number of phishing groups
and explores ways in which individual and combined
results relate. The approach suggests a number of
phishing groups and the structure of the approach
can aid the development of profiles based on the in-
dividual clusters. The actual profiling is not carried
out in this paper.