A survey of phishing attacks: Their types, vectors and technical approaches
TLDR
A systematic, comprehensive and easy-to-follow review of the past and current phishing approaches is presented here and will give a better understanding of the characteristics of the existing phishing techniques which then acts as a stepping stone to the development of a holistic anti-phishing system.Abstract:
Phishing was a threat in the cyber world a couple of decades ago and still is today. It has grown and evolved over the years as phishers are getting creative in planning and executing the attacks. Thus, there is a need for a review of the past and current phishing approaches. A systematic, comprehensive and easy-to-follow review of these approaches is presented here. The relevant mediums and vectors of these approaches are identified for each approach. The medium is the platform which the approaches reside and the vector is the means of propagation utilised by the phisher to deploy the attack. The paper focuses primarily on the detailed discussion of these approaches. The combination of these approaches that the phishers utilised in conducting their phishing attacks is also discussed. This review will give a better understanding of the characteristics of the existing phishing techniques which then acts as a stepping stone to the development of a holistic anti-phishing system. This review creates awareness of these phishing techniques and encourages the practice of phishing prevention among the readers. Furthermore, this review will gear the research direction through the types of phishing, while also allowing the identification of areas where the anti-phishing effort is lacking. This review will benefit not only the developers of anti-phishing techniques but the policy makers as well.read more
Citations
More filters
Journal ArticleDOI
Machine learning based phishing detection from URLs
TL;DR: A real-time anti-phishing system, which uses seven different classification algorithms and natural language processing (NLP) based features, is proposed and Random Forest algorithm with only NLP based features gives the best performance with the 97.98% accuracy rate for detection of phishing URLs.
Journal ArticleDOI
A comprehensive survey of AI-enabled phishing attacks detection techniques.
TL;DR: A literature review of Artificial Intelligence techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection for each AI technique is presented and the qualities and shortcomings of these methodologies are examined.
Journal ArticleDOI
Mobile malware attacks: Review, taxonomy & future directions
TL;DR: A comprehensive review of state-of-the-art mobile malware attacks, vulnerabilities, detection techniques and security solutions over the period of 2013–2019 that majorly targeted Android platform is provided.
Journal ArticleDOI
SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective
TL;DR: This work reexamines the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which includes real-time detection, active attacker, dataset quality and base-rate fallacy, and surveys the existing phishing/spear phishing solutions in their light.
Journal ArticleDOI
An In-Depth Benchmarking and Evaluation of Phishing Detection Research for Security Needs
TL;DR: The results show that the imbalanced nature of phishing attacks affects the detection systems’ performance and researchers should take this into account when proposing a new method.
References
More filters
Book ChapterDOI
Findings and Theory in the Study of Fear Communications
TL;DR: A review of the empirical results and theoretical underpinnings of studies of fear arousing communications can be found in this paper, where the authors present an overview of the key components of fear communication experiments and introduce two major theoretical paradigms that can be used to interpret the findings.
Journal ArticleDOI
Social phishing
TL;DR: Sometimes a "friendly" email message tempts recipients to reveal more online than they otherwise would, playing right into the sender's hand.
Proceedings ArticleDOI
Controlling data in the cloud: outsourcing computation without outsourcing control
Richard Chow,Philippe Golle,Markus Jakobsson,Elaine Shi,Jessica Staddon,Ryusuke Masuoka,Jesus Molina +6 more
TL;DR: It is argued that with continued research advances in trusted computing and computation-supporting encryption, life in the cloud can be advantageous from a business intelligence standpoint over the isolated alternative that is more common today.
Journal ArticleDOI
A brief history of the internet
Barry M. Leiner,Vinton G. Cerf,David D. Clark,Robert E. Kahn,Leonard Kleinrock,Daniel C. Lynch,Jon Postel,Larry G. Roberts,Stephen Wolff +8 more
TL;DR: This paper was first published online by the Internet Society in December 20031 and is being re-published in ACM SIGCOMM Computer Communication Review because of its historic import.