A Survey on Phishing Attacks in Cyberspace

Authors

  • Marran Zabin Aldossari The University of North Carolina at Charlotte, Charlotte, North Carolina, USA Shaqra University, Riyadh, Saudi Arabia

Keywords:

social network attacks, spear phishing, angler phishing, phishing detection

Abstract

Phishing is a type of cyber attack in which cybercriminals use various advanced techniques to deceive people, such as creating fake webpages or malicious e-mails. The objective of phishing attacks is to gather personal data, money, or personal information from victims illegally. The primary aim of this review is to survey the literature on phishing attacks in cyberspace. It discusses different types of phishing attacks, such as spear phishing, e-mail spoofing, phone phishing, web spoofing, and angler phishing, as well as negative consequences they may cause for people. Phishing is typically carried out through different delivery methods such as e-mail, phone calls, or messaging. Victims of phishing are usually either not sensitive to privacy protection or do not have enough knowledge about social engineering attacks to know they are at risk. In addition, this paper introduces different methods for detecting phishing attacks. The last section discusses certain limitations of existing studies on phishing detection and potential future research

References

S. Ali, N. Islam, A. Rauf, and I. U. Din, “Privacy and Security Issues in Online Social Networks,” J. Futur. Internet, pp. 1–12, 2018.

P. Simulation and A. Module, “A literature survey on social engineering attacks: Phishing attack,” Int. Conf. Comput. Commun. Autom., pp. 537–540, 2016.

D. Zhang, Z. Yan, H. Jiang, and T. Kim, “A domain-feature enhanced classification model for the detection of Chinese phishing e-Business websites,” Inf. Manag., vol. 51, no. 7, pp. 845–853, 2014.

D. N. C. Louise O’Hagan, Prof. Vincent Cunnane, “Angler phishing: criminality in social media,” ECSM 2018 5th Eur. Conf. Soc. Media, no. Limerick Institute of Technology, 2018.

Abbasi, F. M. Zahedi, and Y. Chen, “Phishing Susceptibility : The Good , the Bad , and the Ugly,” Conf. Intell. Secur. Informatics, no. 2, pp. 169–174, 2016.

Benishti, “Devastating phishing attacks dominate 2017,” Haymarket Media Group, 2017. [Online]. Available: https://www.scmagazineuk.com/article/1474174. [Accessed: 26-Jul-2019].

Symantec, “Website security threat report,” 2015.

T. Halevi, N. Memon, and O. Nov, “Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-efficacy and Vulnerability to Spear-Phishing Attacks,” Ssrn, 2015.

Hu and G. Wang, “Revisiting Email Spoofing Attacks,” Cornell Univ., 2018.

S. S. Junxiao Shi, “Phishing,” pp. 1–14, 2012

R. G. N, “A Demographic Analysis to Determine User Vulnerability among Several Categories of Phishing A!acks,” Master Diss., 2018.

M. Jone, “Scam calls on the rise! 95% of people have been targeted in past six months,” Komando.com, 2017. [Online]. Available: https://www.komando.com/happening-now/408294/scam-calls-on-the-rise-95-of-people-have-been-targeted-in-past-six-months.

Kumar, “Best Plan to Protect Against Phone Phishing Attack,” Am. J. Comput. Sci. Inf. Technol., vol. 3, no. 5, pp. 167–172, 2015.

Kumar, “Best Plan to Protect Against Phone Phishing Attack,” Am. J. Comput. Sci. Inf. Technol.

J. L. P. F. and CTO, “2019 phishing trends and intelligence report,” 2019.

M. Jakobsson, “The Human Factor in Phishing What Will Consumers Believe ?,” pp. 1–19.

E. Velasquez, “What Is Angler Phishing and How Can You Avoid It?,” Experian Inf. Solut. Inc, 2018.

F. International, “Angler Phishing: The Risks and Dangers of Fake Social Media Brand Profiles – Part 1,” 2017.

Proofpoint, “Angler Phishing Protection,” 2018.

N. Abdelhamid, A. Ayesh, and F. Thabtah, “Expert Systems with Applications Phishing detection based Associative Classification data mining,” Expert Syst. Appl., vol. 41, no. 13, pp. 5948–5959, 2014.

J. A. Chaudhry, S. A. Chaudhry, and R. G. Rittenhouse, “Phishing attacks and defenses,” Int. J. Secur. its Appl., vol. 10, no. 1, pp. 247–256, 2016.

N. A. G. Arachchilage, S. Love, and K. Beznosov, “Phishing threat avoidance behaviour: An empirical investigation,” Comput. Human Behav., vol. 60, pp. 185–197, 2016.

J. Hong, “The state of phishing attacks,” Commun. ACM, vol. 55, no. 1, p. 74, 2012.

S. Sheng et al., “Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish,” SOUPS ’07 Proc. 3rd Symp. Usable Priv. Secur., pp. 88–99, 2007.

S. S. B et al., “Teaching Phishing-Security: Which Way is Best?,” Int. Fed. Inf., vol. 428, no. Springer International Publishing Switzerland 2016, pp. 135–149, 2016.

Kunz, M. Volkamer, S. Stockhardt, S. Palberg, T. Lottermann, and E. Piegert, “NoPhish: Evaluation of a web application that teaches people being aware of phishing attacks,” p. 509, 2016.

Vayansky and S. Kumar, “Phishing – challenges and solutions,” Comput. Fraud Secur., vol. 2018, no. 1, pp. 15–20, 2018.

Y. Zhu, J. He, Y. Heights, and C. Science, “Social Phishing,” Commun. ACM 50, pp. 1–7, 2018.

R. M. Mohammad, F. Thabtah, and L. McCluskey, “Tutorial and critical analysis of phishing websites methods,” Comput. Sci. Rev., vol. 17, pp. 1–24, 2015.

Z. Yang, C. Qiao, W. Kan, and J. Qiu, “Phishing Email Detection Based on Hybrid Features,” IOP Conf. Ser. Earth Environ. Sci., vol. 252, p. 042051, 2019.

J. Lee and D. Kim, “Heuristic-based Approach for Phishing Site Detection Using URL Features,” Adv. Comput. Electron. Electr. Technol., pp. 131–135, 2015.

Downloads

Published

2021-12-13

How to Cite

Marran Zabin Aldossari. (2021). A Survey on Phishing Attacks in Cyberspace. International Journal of Computer (IJC), 41(1), 46–58. Retrieved from https://www.ijcjournal.org/index.php/InternationalJournalOfComputer/article/view/1902

Issue

Vol. 41 No. 1 (2021)

Section

Articles

License

Authors who submit papers with this journal agree to the following terms