A literature review on phishing crime, prevention review and investigation of gaps

Phishing is a rapidly growing threat in cyber world and causing billions of dollars in damage every year to internet users. It is an unlawful activity which uses a group of social engineering and technology to collect an Internet user's sensitive information. The identification of phishing techniques can be performed in various methods of communications like email, instant messages, pop-up messages, or at web page level. Over the period, a number of research articles have published with different techniques and procedures but have failed to detect all associated risks and provide a comprehensive solution. This paper presents a theoretical model of CRI to study this threat in a systematic manner. While there is a common perception about the successful phishing attack involves creating an identical messages or website to deceive the internet user however this theory has not been utilized to evaluate this threat and investigate the gaps systematically. Our model attempts to evaluate this crime, review different research perspectives and approaches and investigate the gaps. In this sense, our literature review study is significant to generate attentiveness about phishing in order to boost thoughts and actions to improve the cyber security and gain internet users' confidence.

[1]  Syed Taqi Ali,et al.  A Computer Vision Technique to Detect Phishing Attacks , 2015, 2015 Fifth International Conference on Communication Systems and Network Technologies.

[2]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[3]  Lorrie Faith Cranor,et al.  Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[4]  Lorrie Faith Cranor,et al.  Phinding Phish: An Evaluation of Anti-Phishing Toolbars , 2007, NDSS.

[5]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[6]  Jennifer Lynch Identity Theft in Cyberspace: Crime Control Methods and Their Effectiveness in Combating Phishing Attacks , 2005 .

[7]  Dharma P. Agrawal,et al.  Fighting against phishing attacks: state of the art and future challenges , 2016, Neural Computing and Applications.

[8]  Fatemeh Zahedi,et al.  Impact of anti-phishing tool performance on attack success rates , 2012, 2012 IEEE International Conference on Intelligence and Security Informatics.

[9]  Nauman Aslam,et al.  Intelligent phishing detection and protection scheme for online transactions , 2013, Expert Syst. Appl..

[10]  Md. Rafiqul Islam,et al.  A multi-tier phishing detection and filtering approach , 2013, J. Netw. Comput. Appl..

[11]  Simon Brown,et al.  Detecting Phishing Emails Using Hybrid Features , 2009, 2009 Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing.

[12]  Alamgir Hossain,et al.  Awareness Program and AI based Tool to Reduce Risk of Phishing Attacks , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[13]  Li Zhang,et al.  Detection of phishing emails using data mining algorithms , 2015, 2015 9th International Conference on Software, Knowledge, Information Management and Applications (SKIMA).

[14]  Tyler Moore,et al.  Examining the impact of website take-down on phishing , 2007, eCrime '07.

[15]  M. Tariq Banday,et al.  Phishing - A Growing Threat to E-Commerce , 2011, ArXiv.

[16]  Jason Hong,et al.  The state of phishing attacks , 2012, Commun. ACM.

[17]  Lorrie Faith Cranor,et al.  Getting users to pay attention to anti-phishing education: evaluation of retention and transfer , 2007, eCrime '07.

[18]  Sean W. Smith Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing , 2002 .

[19]  Ningxia Zhang,et al.  Phishing Detection Using Neural Network , 2012 .

[20]  J. Doug Tygar,et al.  The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[21]  Frank Stajano,et al.  Understanding scam victims , 2011, Commun. ACM.

[22]  Sean W. Smith,et al.  Trusted paths for browsers , 2002, TSEC.

[23]  Ponnurangam Kumaraguru,et al.  Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions , 2010, CHI.

[24]  Christopher Krügel,et al.  Protecting users against phishing attacks with AntiPhish , 2005, 29th Annual International Computer Software and Applications Conference (COMPSAC'05).

[25]  Lorrie Faith Cranor,et al.  Teaching Johnny not to fall for phish , 2010, TOIT.

[26]  Fadi A. Thabtah,et al.  Intelligent phishing detection system for e-banking using fuzzy data mining , 2010, Expert Syst. Appl..

[27]  Swapan Purkait,et al.  Information Management & Computer Security Phishing counter measures and their effectiveness – literature review , 2016 .

[28]  Christopher Krügel,et al.  A layout-similarity-based approach for detecting phishing pages , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[29]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.