Home   >   CSC-OpenAccess Library   >    Manuscript Information
The State of Phishing Attacks and Countermeasures
Sameer Abufardeh, Bouchaib Falah
Pages - 54 - 71     |    Revised - 30-08-2023     |    Published - 01-10-2023
Volume - 17   Issue - 4    |    Publication Date - October 2023  Table of Contents
Phishing Email, Social Engineering, Phishing Types, Phishing Countermeasures, Phishing Prevention.
Phishing is a cybercrime where criminals employ various deceptive techniques to obtain personal information from individuals. There are multiple facets of phishing attacks. These include what Phishing is, known phishing types, and methods used to protect users' personal information. While many tools are being used to protect users from phishing attacks, phishing attacks are increasing, its methods and tactics are changing, and more victims are falling for them. The first line of defense in protecting people from phishing attacks is, understanding the dynamics of Phishing and the psychology of both the attacker and the victim, and analyzing users' decisionmaking strategies in reaction to phishing attacks. This paper is intended to examine the multiple facets of phishing attacks to enhance our understanding of an extremely challenging issue for the IT community as the first step to curb the effects of this persistent crime.By understanding and implementing robust phishing defenses, individuals and organizations can mitigate the risks posed by this prevalent cyber threat, fostering a safer and more secure online environment for everyone.
Abu-Nimeh, S., & Nair, S. (2008). Bypassing security toolbars and phishing filters via dns poisoning. In IEEE GLOBECOM 2008-2008 IEEE Global Telecommunications Conference (pp. 1-6).
Aburrous, M. R., Hossain, A., Dahal, K., & Thabatah, F. (2009). Modelling intelligent phishing detection system for e-banking using fuzzy data mining. In 2009 International Conference on CyberWorlds (pp. 265-272).
Aloul, F. A. (2012). The need for effective information security awareness. Journal of advances in information technology, 3(3), 176-183.
Alsharnouby, M., Alaca, F., & Chiasson, S. (2015). Why Phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies,82, 69- 82. doi:10.1016/j.ijhcs.2015.05.005
Altaher, A. (2017). Phishing Websites Classification using Hybrid SVM and KNN Approach. International Journal of Advanced Computer Science and Applications(IJACSA), 8(6), 2017.
APWG (2022). APWG Phishing Activity Trends Reports (2022) anti-phishing work Group, IncAvailable at: https://apwg.org/trendsreports/ (Accessed Aug.. 20, 2023).
Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, 304-312.
Arun Kulkarni and Leonard L. Brown III, (2019)."Phishing Websites Detection using Machine Learning". International Journal of Advanced Computer Science and Applications (IJACSA), 10(7).
Bahjet, H., & Wahab, A. (2020). Detect and prevent Phishing based on hybrid approach. AL-Mansour Journal, 33, 1-25.
Baral, G., & Arachchilage, N. A. G. (2019). Building confidence not to be phished through a gamified approach: conceptualizing user's self-efficacy in phishing threat avoidance behavior. In 2019 cybersecurity and cyber forensics conference (CCC), (pp. 102-110).
Barracuda Enterprise Email Security Q2 (2019). Staying Safe from Phishing Attacks. https://blog.lastpass.com/2016/01/staying-safe-from-phishing-attacks.html/
Binks, A. (2019). The art of Phishing: past, present and future. Computer Fraud & Security, 2019(4), 9-11.
Butler, R. (2007). A framework of anti-phishing measures aimed at protecting the online consumer's identity. The Electronic Library, Volume 25, Number 5, 2007, pp. 517-533(17). Emerald Group Publishing Limited. DOI: https://doi.org/10.1108/02640470710829514
Chorghe, S.P., Shekokar, N. (2016). A survey on anti-phishing techniques in mobile phones. In: 2016 International Conference on Inventive Computation Technologies (ICICT), pp. 1-5.
Chou, N., Ledesma, R., Teraguchi, Y., & Mitchell, J.C. (2004). Client-Side Defense Against Web-Based Identity Theft. Network and Distributed System Security Symposium.
Cisco Umbrella. (2021). "Cybersecurity threat trends: phishing, crypto top the list," https://umbrella.cisco.com/info/2021-cyber-security-threat-trends-phishing-crypto-top-the-list.
Cloudmark Security Platform for Email, (2023). https://www.cloudmark.com/en/products/email-messaging-security/cloudmark-platform-for-email
Code42: The Annual Data Exposure Report: 2023 (2023). https://www.code42.com/resources/reports/2023-data-exposure? (Accessed, May 2023).
Cook DL, Gurbani VK, Daniluk M. (2008). Phishwish: a stateless phishing filter using minimal rules. In: Tsudik G (ed) Financial cryptography and data security. Springer, Berlin, pp 182-186.
Danuvasin, C. (2011). Phishing: A field experiment. International Journal of Computer Science and Security (IJCSS),5(2), 277-286.
De Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1-7.
Debra L. Cook, Vijay K. Gurbani, Michael Daniluk. (2008). Phishwish: A Stateless Phishing Filter Using Minimal Rules Financial Cryptography and Data Security, 2008, Volume 5143 ISBN: 978-3-540-85229-2.
Dodge, R., Rovira, E., Zachary, R., & Joseph, S. (2011). Phishing awareness exercises. In Proc. of the 15th colloquium for Information Systems Security Education (pp. 13-15).
Fatima, R., Yasin, A., Liu, L., & Wang, J. (2019). How persuasive is a phishing email? A phishing game for phishing awareness. Journal of Computer Security, 27(6), 581-612.
G. Tyagi, K. Ahmad and M. N. Doja (2014). "A novel framework for password securing system from key-logger spyware," 2014 International Conference on Issues and Challenges in Intelligent Computing Techniques (ICICT), Ghaziabad, India, 2014, pp. 70-74, doi: 10.1109/ICICICT.2014.6781255.
GOV.UK (2020). Cyber security breaches survey 2020. Available at: https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020 (Accessed June13, 2022).
Gupta, B. B., & Jain, A. K. (2020). Phishing attack detection using a search engine and heuristics-based technique. Journal of Information Technology Research (JITR), 13(2), 94- 109.
Gupta, B. B., Tewari, A., Jain, A. K., & Agrawal, D. P. (2016). Fighting against phishing attacks: State of the art and future challenges. Neural Computing and Applications,28(12), 3629- 3654. doi:10.1007/s00521-016-2275-y.
H. Yuan, X. Chen, Y. Li, Z. Yang and W. Liu.(2018). "Detecting Phishing Websites and Targets Based on URLs and Webpage Links," 2018 24th International Conference on Pattern Recognition (ICPR), Beijing, China, 2018, pp. 3669-3674, doi: 10.1109/ICPR.2018.8546262.
Higashino, M., Kawato, T., Ohmori, M., & Kawamura, T. (2019). An anti-phishing training system for security awareness and education considering prevention of information leakage. In 2019 5th international conference on information management (ICIM) (pp. 82-86).
IBM Security Report, (2022). Cost of a data breach 2022 A million-dollar race to detect and respond (2023). Retrieved from https://www.ibm.com/reports/data-breach?utm_content=SRCWW&p1=Search&p4=43700072379268688&p5=p&gclid=Cj0KCQjwyLGjBhDKARIsAFRNgW_W00uTBdSfBw-sB_2DeqQU-gM80Pld30mzor2HfXNRCZszDLyiYBgaAuW8EALw_wcB&gclsrc=aw.ds.
J. Mao, W. Tian, P. Li, T. Wei and Z. Liang.(n.d.). "Phishing-Alarm: Robust and Efficient Phishing Detection via Page Component Similarity," in IEEE Access, vol. 5, pp. 17020-17030, 2017, doi: 10.1109/ACCESS.2017.2743528.
Jain AK, Gupta BB, (2021). A survey of phishing attack techniques, defence mechanisms and open research challenges. Enterp Inf Syst. 2022;16(4):527-565.
Jansen, J., & Schaik, P. V. (2019). The design and evaluation of a theory-based intervention to promote security behavior against Phishing. International Journal of Human-Computer Studies,123, 40-55.
Kerner, S. M. (2019). Phishing Attacks Continue to Rise, Proofpoint Reports. EWeek, N.PAG.
Khonji, M., Jones, A., & Iraqi, Y. (2011). A novel phishing classification based on url features. In 2011 IEEE GCC conference and exhibition (GCC) (pp. 221-224).
Kirda, E., & Kruegel, C. (2006). Protecting users against phishing attacks. The Computer Journal, 49(5), 554-561.
Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F., & Hong, J. (2010). Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT), 10(2), 1-31.
Kunju M.V., Esther D., Anthony H. C. &BhelwaS. (2019). "Evaluation of Phishing Techniques Based on Machine Learning," 2019 International Conference on Intelligent Computing and Control Systems (ICCS), Madurai, India, 2019, pp. 963-968, doi: 10.1109/ICCS45141.2019.9065639.
Likarish P, Dunbar D, Hansen TE. (2008). Phishguard: a browser plug-in for protection from Phishing. In: 2nd International Conference on Internet multimedia services architecture and applications, IMSAA, Bangalore, India, pp 1- 6.
Liu G, Qiu B, Wenyin L. (2010). Automatic detection of phishing target from phishing webpage. In: Pattern recognition (ICPR), 2010 20th international conference, Istanbul, Turkey, Aug 2010, pp 4153-4156
M. Ester, et al.(2012). "A density-based algorithm for discovering clusters in large spatial databases with noise," in Kdd, 1996, pp. 226-231. Purkait, S. Phishing countermeasures and their effectiveness-literature review. Information Management & Computer Security, 20(5), 382-420.
M. Khonji, Y. Iraqi and A. Jones, (2023). "Phishing Detection: A Literature Survey," in IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2091-2121, Fourth Quarter 2013, doi: 10.1109/SURV.2013.032213.00009.
MacAfee Knowledge Center. (2022). How to recognize and protect yourself from Phishing. https://service.mcafee.com/webcenter/portal/cp/home/articleview?locale=en-US&articleId=TS101810
Marforio, C., Masti, R. J., Soriente, C., Kostiainen, K., and Capkun, S. (2015). Personalized security indicators to detect application phishing attacks in mobile platforms. Available at: http://arxiv.org/abs/1502.06824.
Microsoft (2020). Exploiting a crisis: how cybercriminals behaved during the outbreak. Available at: https://www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/ (Accessed May 21, 2022).
Montazer, G. A., & ArabYarmohammadi, S. (2015). Detection of phishing attacks in Iranian e-banking using a fuzzy-rough hybrid system. Applied Soft Computing, 35, 482-492.
Moore, T., & Clayton, R. (2012). Discovering phishing dropboxes using email metadata. In 2012 eCrime Researchers Summit (pp. 1-9).
Peng T., Harris I., &Sawa Y. (2018). "Detecting Phishing Attacks Using Natural Language Processing and Machine Learning," 2018 IEEE 12th International Conference on Semantic Computing (ICSC), Laguna Hills, CA, USA, 2018, pp. 300-301, doi: 10.1109/ICSC.2018.00056.
PishGuard. A comprehensive phishing simulation solution(n.d.). https://cerebra.sa/products/phishguard/.
R. Aravindhan, R. Shanmugalakshmi, K. Ramya and Selvan C., "Certain investigation on web application security: Phishing detection and phishing target discovery," (2016). 3rd International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 2016, pp. 1-10, doi: 10.1109/ICACCS.2016.7586405.
Radha Damodaram,M.L.Valarmathi, (2011). Phishing Website Detection Using Particle Swarm Optimization Technique. International Journal of Computer Science and Security (IJCSS), 5(5), PP 477 - 490
RISKIQ (2020). InvestigateCOVID-19 cybercrime weekly update. Available at: https://www.riskiq.com/blog/analyst/covid19-cybercrime-update/%0D (Accessed Feb6, 2023).
Rodrguez, G., Torres, J., Flores, P., Benavides, E., & Proao, P. (2020). Trusted Phishing: A Model to Teach Computer Security Through the Theft of Cookies. In Advances in Emerging Trends and Technologies: Volume 2 (pp. 390-401). Springer International Publishing.
Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2019). Machine learning-based phishing detection from URLs. Expert Systems with Applications, 117, 345-357.
Sahoo, P. K. (2018). Data mining a way to solve Phishing Attacks. In 2018 International Conference on Current Trends towards Converging Technologies (ICCTCT) (pp. 1-5).
Threat Group-4127 Targets Google Accounts(2016). https://www.secureworks.com/research/threat-group-4127-targets-google-accounts, IBM security.
V. Lyashenko, O. Kobylin and M. Minenko, "Tools for Investigating the Phishing Attacks Dynamics," (2018).International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), Kharkiv, Ukraine, 2018, pp. 43-46, doi: 10.1109/INFOCOMMST.2018.8632100.
Vanita McAfee® WebAdvisor. (n.d.). https://www.mcafee.com/consumer/en-us/store/m0/catalog/ mwad_528/mcafee-web-advisor.html (Accessed, May 2023).
Wosah, N. P., & Win, T. (2021). Phishing mitigation techniques: A literature survey. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.2, March 2021
Wu M, Miller RC, Garfinkel SL.(2006). Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI conference on human factors in computing systems, ser. CHI06, New York, NY, USA, pp 601-610.
Associate Professor Sameer Abufardeh
Computer, Electrical, and Software Engineering Dept, EmbryRiddle Aeronautical University, Prescott, AZ, 86301 - United States of America
Dr. Bouchaib Falah
School of Science and Engineering, Al Akhawayn University, Irfan - Morocco

View all special issues >>