Phishing data item clustering and analysis

What is claimed is: 1. A computer system comprising: one or more computer readable storage devices configured to store: a plurality of computer executable instructions; a data clustering strategy; and a plurality of data items including at least: a plurality of email data items, each of the plurality of email data items including at least a subject and a sender, each of the plurality of email data items potentially associated with phishing activity; and a plurality of phishing-related data items related to a communications network of an organization, the plurality of phishing-related data items including at least one of: internal Internet Protocol addresses of the communications network, computerized devices of the communications network, users of particular computerized devices, organizational positions associated with users of particular computerized devices, or URLs and/or external domains visited by users of particular computerized devices; and one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computer system to: access an email data item transmitted to one or more of the users of respective computerized devices within the network of the organization, the email data item including at least a subject and a sender, the email data item potentially associated with phishing activity; designate the accessed email data item as a seed; and generate a data item cluster based on the data clustering strategy by at least: adding the seed to the data item cluster; determining the subject and the sender associated with the seed; identifying one or more of the plurality of email data items having a same subject as the determined subject or a same sender as the determined sender; adding the identified one or more email data items to the data item cluster; parsing one or more URLs from the email data items of the data item cluster; adding the parsed URLs to the data item cluster; identifying one or more users who are both recipients of at least one of the email data items of the data item cluster and visitors of one of the URLs of the data item cluster; adding the identified one or more users, including data related to the one or more users, to the data item cluster; identifying additional one or more data items associated with any data items of the data item cluster; and adding, to the data item cluster, the additional one or more data items. 2. The computer system of claim 1 , wherein generating the data item cluster based on the data clustering strategy further comprises: determining any new subjects or new senders associated with email data items of the data item cluster that are different from the determined subjects or the determined senders; identifying a second one or more of the plurality of email data items having a same subject as the determined new subject, or a same sender as the determined new sender; and adding the identified second one or more email data items to the data item cluster. 3. The computer system of claim 1 , wherein the identified one or more email data items are added to the data item cluster only if received by one or more computerized devices within the network within a predetermined period of time from a time that the seed was received. 4. The computer system of claim 3 , wherein the period of time comprises at least one of a number of hours, a number of days, or a number of weeks. 5. The computer system of claim 3 , wherein the predetermined period of time is further determined based on other email data items in the data item cluster. 6. The computer system of claim 1 , wherein identifying the one or more users further comprises: scanning communications on the communications network of the organization so as to generate phishing-related data items including URLs visited by particular users; extracting recipients of the email data items of the data item cluster associated with respective parsed URLs; and for any parsed URL matching a URL visited by a particular user, if the extracted recipient of the email data item associated with the parsed URL matches the particular user, then identifying the user. 7. The computer system of claim 6 , wherein the communications are continuously scanned via a proxy. 8. The computer system of claim 1 , wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to cause the one or more hardware computer processors to: continuously receive email data items from users of respective computing devices of the organization, designate the received email data items as seeds, and generate data items clusters based on the data clustering strategy. 9. The computer system of claim 1 , wherein the data related to the one or more users includes an organizational position associated with the user. 10. A computer system comprising: one or more computer readable storage devices configured to store: a plurality of computer executable instructions; a data clustering strategy; and a plurality of data items including at least: a plurality of email data items, each of the plurality of email data items including at least a subject and a sender, each of the plurality of email data items potentially associated with phishing activity; and a plurality of phishing-related data items related to customers of an organization, the plurality of phishing-related data items including indicators of at least one of: customers of the organization or URLs identified as malicious by a third-party service; and one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computer system to: receive a plurality of email data items from customers of the organization, each of the email data items including at least a subject and a sender, each of the email data items potentially associated with phishing activity; designate each of the received email data items as seeds; and for each of the designated seeds, generate a data item cluster based on the data clustering strategy by at least: adding the seed to the data item cluster; determining the subject and the sender associated with the seed; accessing the one or more computer readable storage devices and identifying one or more of the plurality of email data items having a same subject as the determined subject or a same sender as the determined sender; adding the identified one or more email data items to the data item cluster; parsing one or more URLs from the email data items of the data item cluster; adding the URLs to the data item cluster; in response to determining that the data item cluster includes at least a predetermined threshold quantity of email data items, designating the data item cluster as a campaign cluster; identifying additional one or more data items associated with any data items of the data item cluster; and adding, to the data item cluster, the additional one or more data items. 11. The computer system of claim 10 , wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to cause the one or more hardware computer processors to: for each campaign cluster, initiate further automated investigation including at least: comparing URLs included in the campaign cluster with URLs previously identified as malicious by a third-party service; based on the comparing, identify