Anti-phishing: A comprehensive perspective

Abstract

Phishing is a form of deception technique that attackers often use to acquire sensitive information related to individuals and organizations fraudulently. Although Phishing attacks have been known for more than two decades, and there is ongoing research for developing effective techniques against these attacks, the increasing trend of attacks confirms the lack of robust solutions and techniques against these attacks. According to Trend Micro, over 90 percent of all Cybersecurity attacks begin with spear Phishing emails and hence there is a need for comprehensive research in the area of anti-Phishing to improve the overall Cybersecurity landscape. This paper, therefore, performs a comprehensive study and analysis of past research work in anti-Phishing. The survey also tries to study various relationships such as those between the Phishers and the motives behind Phishing and explores/assesses various tactics that are employed for launching Phishing attacks. Highlighting the role of social and cognitive factors in the success of a Phishing attack which was not focused on in earlier reviews, is one of the major contributions of this work. The paper also provides a detailed understanding of the types of Phishers and the type of Phishing performed by them with a comprehensive classification of anti-Phishing detection/prevention/awareness solutions through a systematic literature review. The contributions of leading organizations and their active role through various anti-Phishing products are also discussed in this paper to bring light to the research and development happening in the industry with respect to anti-Phishing. Finally, the cyber laws to handle Phishing attacks in various countries have been presented for readers’ interest. We believe this survey brings new knowledge and a comprehensive perspective to its readers from academia and industry to explore new horizons for research activities in anti-Phishing. © 2023 Elsevier Ltd