Phishing Attacks Survey: Types, Vectors, and Technical Approaches

Phishing attacks, which have existed for several decades and continue to be a major problem today, constitute a severe threat in the cyber world. Attackers are adopting multiple new and creative methods through which to conduct phishing attacks, which are growing rapidly. Therefore, there is a need to conduct a comprehensive review of past and current phishing approaches. In this paper, a review of the approaches used during phishing attacks is presented. This paper comprises a literature review, followed by a comprehensive examination of the characteristics of the existing classic, modern, and cutting-edge phishing attack techniques. The aims of this paper are to build awareness of phishing techniques, educate individuals about these attacks, and encourage the use of phishing prevention techniques, in addition to encouraging discourse among the professional community about this topic.

[1]  Nilesh B. Prajapati,et al.  CASE STUDY ON SOCIAL ENGINEERING TECHNIQUES FOR PERSUASION , 2010 .

[2]  Kjell Hausken The precautionary principle as multi-period games where players have different thresholds for acceptable uncertainty , 2021, Reliab. Eng. Syst. Saf..

[3]  Shawon S. M. Rahman,et al.  Exploring Historical and Emerging Phishing Techniques and Mitigating the Associated Security Risks , 2013, ArXiv.

[4]  Tian Lin,et al.  Susceptibility to Spear-Phishing Emails , 2019, ACM Trans. Comput. Hum. Interact..

[5]  Alexander Gutfraind,et al.  Risk analysis beyond vulnerability and resilience - characterizing the defensibility of critical systems , 2019, Eur. J. Oper. Res..

[6]  Steve Mansfield-Devine The imitation game: how business email compromise scams are robbing organisations , 2016 .

[7]  Erik Andersen,et al.  What.Hack: Engaging Anti-Phishing Training Through a Role-playing Phishing Simulation Game , 2019, CHI.

[8]  Leonard Kleinrock,et al.  Comments on "'An early history of the internet' by Leonard Kleinrock" (with author's reply) [Letters to the editor] , 2011 .

[9]  Colin Tankard,et al.  Advanced Persistent threats and how to monitor and deter them , 2011, Netw. Secur..

[10]  Lwin Khin Shar,et al.  Defending against Cross-Site Scripting Attacks , 2012, Computer.

[11]  Markus Jakobsson The Rising Threat of Launchpad Attacks , 2019, IEEE Security & Privacy.

[12]  T. L. McCluskey,et al.  Tutorial and critical analysis of phishing websites methods , 2015, Comput. Sci. Rev..

[13]  Tenzin Dakpa,et al.  Study of Phishing Attacks and Preventions , 2017 .

[14]  Ankit Kumar Jain,et al.  Phishing Detection: Analysis of Visual Similarity Based Approaches , 2017, Secur. Commun. Networks.

[15]  Francisco Chiclana,et al.  A recent review of conventional vs. automated cybersecurity anti-phishing techniques , 2018, Comput. Sci. Rev..

[16]  Tyler Moore,et al.  Examining the impact of website take-down on phishing , 2007, eCrime '07.

[17]  James H. Lambert,et al.  Resilience science, policy and investment for civil infrastructure , 2018, Reliab. Eng. Syst. Saf..

[18]  Richard J. Enbody,et al.  Malvertising – exploiting web advertising , 2011 .

[19]  Kjell Hausken,et al.  Security Investment, Hacking, and Information Sharing between Firms and between Hackers , 2017, Games.

[20]  Alwyn Roshan Pais,et al.  Efficient deep learning techniques for the detection of phishing websites , 2020, Sādhanā.

[21]  Swapan Purkait,et al.  Information Management & Computer Security Phishing counter measures and their effectiveness – literature review , 2016 .

[22]  Edgar R. Weippl,et al.  Advanced social engineering attacks , 2015, J. Inf. Secur. Appl..

[23]  RYAN HEARTFIELD,et al.  A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks , 2015, ACM Comput. Surv..

[24]  Jyotir Moy Chatterjee,et al.  A novel hybrid approach of SVM combined with NLP and probabilistic neural network for email phishing , 2020 .

[25]  Deepak Kumar,et al.  Emerging Threats in Internet of Things Voice Services , 2019, IEEE Security & Privacy.

[26]  Marc Dupuis,et al.  The Use and Non-Use of Cybersecurity Tools Among Consumers: Do They Want Help? , 2019, SIGITE.

[27]  Thomas Nagunwa Behind Identity Theft and Fraud in Cyberspace: The Current Landscape of Phishing Vectors , 2014 .

[28]  Yogita Gigras,et al.  Email phishing: text classification using natural language processing , 2020 .

[29]  Minhui Xue,et al.  GUI-Squatting Attack: Automated Generation of Android Phishing Apps , 2019, IEEE Transactions on Dependable and Secure Computing.

[30]  Wilson Huang,et al.  A Study of Social Engineering in Online Frauds , 2013 .

[31]  Kjell Hausken,et al.  A cost–benefit analysis of terrorist attacks , 2018 .

[32]  Shari Lawrence Pfleeger,et al.  Going Spear Phishing: Exploring Embedded Training and Awareness , 2014, IEEE Security & Privacy.

[33]  Ankit Kumar Jain,et al.  Mobile phishing attacks and defence mechanisms: State of art and open research challenges , 2017, Comput. Secur..

[34]  V. Suganya,et al.  A Review on Phishing Attacks and Various Anti Phishing Techniques , 2016 .

[35]  Christopher N. Gutierrez,et al.  Learning from the Ones that Got Away: Detecting New Forms of Phishing Attacks , 2018, IEEE Transactions on Dependable and Secure Computing.

[36]  Kjell Hausken,et al.  Cyber resilience in firms, organizations and societies , 2020, Internet Things.

[37]  Choon Lin Tan,et al.  A survey of phishing attacks: Their types, vectors and technical approaches , 2018, Expert Syst. Appl..