A survey of phishing attacks: Their types, vectors and technical approaches

@article{Chiew2018ASO,
  title={A survey of phishing attacks: Their types, vectors and technical approaches},
  author={Kang Leng Chiew and Kelvin S. C. Yong and Choon Lin Tan},
  journal={Expert Syst. Appl.},
  year={2018},
  volume={106},
  pages={1-20}
}
View via Publisher
ir.unimas.my
130 Citations
Highly Influential Citations
10
Background Citations
58
Methods Citations
5

130 Citations

Phishing Attacks Survey: Types, Vectors, and Technical Approaches
TLDR
The aims of this paper are to build awareness of phishing techniques, educate individuals about these attacks, and encourage the use ofphishing prevention techniques, in addition to encouraging discourse among the professional community about this topic.
A survey of phishing attack techniques, defence mechanisms and open research challenges
TLDR
This paper will help the different users in avoiding phishing attacks while using Internet for their day-to-day activities, and will guide business administrators in designing new effective solutions for their enterprise against various types of phishing threats.
A Systematic Literature Review on Phishing and Anti-Phishing Techniques
TLDR
Research study evaluated that spear phishing, Email Spoofing, Email Manipulation and phone phishing are the most commonly used phishing techniques and according to the SLR, machine learning approaches have the highest accuracy of preventing and detecting phishing attacks among all other anti-phishing approaches.
Taxonomy of Cybersecurity Awareness Delivery Methods: A Countermeasure for Phishing Threats
TLDR
A new taxonomy of the most common cybersecurity training delivery methods and compare them along various factors is developed and offers a clearer understanding of the main challenges, the existing solution space, and the potential scope of future research to be addressed.
Web phishing detection techniques: a survey on the state-of-the-art, taxonomy and future directions
TLDR
A systematic review of current trends in webphishing detection techniques is carried out and a taxonomy of automated web phishing detection is presented and the research avenues for future investigation are discussed.
SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective
TLDR
This work reexamines the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which includes real-time detection, active attacker, dataset quality and base-rate fallacy, and surveys the existing phishing/spear phishing solutions in their light.
Waste Flooding: A Phishing Retaliation Tool
TLDR
A new response tool is presented that aims to furtively retaliate to phishing attacks by automatic detecting phishing forms and using them to clutter phishing databases with useless information and conceal user data and shows that the tool may be useful as a detection-resistant solution.
Types of anti-phishing solutions for phishing attack
TLDR
A general idea of phishing attack and anti-phishing solutions is presented and it is shown that the academic phishing detection / classification schemes are more useful forphishing detection.
Phishing Security: Attack, Detection, and Prevention Mechanisms
TLDR
The paper provides an overview insight on the phishing security concepts, ranging from various types of phishing attack techniques, phishing detection mechanism to prevention approaches.
Phishing Attacks Digital Trace Analysis for Security Awareness
TLDR
The aim of the work is to simplify the collection of evidence of phishing attacks, and to study the possibility of increasing the security of interaction between participants in network educational projects that are the object of social engineering attacks now.
...
...

References

SHOWING 1-10 OF 84 REFERENCES
Phishing counter measures and their effectiveness - literature review
  • S. Purkait
  • Business, Computer Science
    Inf. Manag. Comput. Secur.
  • 2012
TLDR
The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories and the different approaches proposed so far are all preventive in nature.
Phishing Detection: A Literature Survey
TLDR
A high-level overview of various categories of phishing mitigation techniques is presented, such as: detection, offensive defense, correction, and prevention, which it is believed is critical to present where the phishing detection techniques fit in the overall mitigation process.
Behind Identity Theft and Fraud in Cyberspace: The Current Landscape of Phishing Vectors
TLDR
Today’s most adopted phishing vectors by cybercriminals as observed by security vendors, security analysts and anti-phishing campaigners are examined to conclude that almost of all today's phishing attacks begin with spear phishing.
A Survey of Phishing Email Filtering Techniques
TLDR
This is the first comprehensive survey to discuss methods of protection against phishing email attacks in detail, and presents an overview of the various techniques presently used to detect phishing emails, at the different stages of attack, mostly focusing on machine-learning techniques.
An Approach To Perceive Tabnabbing Attack
The growth of Internet has many pros and cons to mankind, which is easily visible in day to day activities. The growth of Internet has also manifested into the other domain of cyber crimes. Phishing,
Phishing - A Growing Threat to E-Commerce
TLDR
Various phishing approaches that include vishing, spear phishng, pharming, keyloggers, malware, web Trojans, and others will be discussed.
An Analysis of the Asprox Botnet
  • R. Borgaonkar
  • Computer Science
    2010 Fourth International Conference on Emerging Security Information, Systems and Technologies
  • 2010
TLDR
The architecture of a contemporary advanced bot commonly known as Asprox, a type of malware that combines the two threat vectors of forming a botnet and of generating SQL injection attacks, is described.
Achieving a consensual definition of phishing based on a systematic review of the literature
TLDR
This work proposes a new definition that is based upon current ones, which defines phishing in a comprehensive way and addresses all important elements of phishing: ‘phishing is a scalable act of deception whereby impersonation is used to obtain information from a target’.
Banking on phishing
Decision strategies and susceptibility to phishing
TLDR
Preliminary analysis of interviews with 20 non-expert computer users to reveal their strategies and understand their decisions when encountering possibly suspicious emails suggests that people can manage the risks that they are most familiar with, but don't appear to extrapolate to be wary of unfamiliar risks.
...
...