Phishing Attacks Detection and Prevention Techniques: An Overview
DOI:
https://doi.org/10.29304/jqcsm.2025.17.11972Keywords:
Phishing, Websites, Attacks, Cybersecurity, Machine Learning, Search EngineAbstract
The rapid rise in global internet usage has resulted in many online services in numerous fields, such as e-commerce, buying and selling goods or services, social networking, and e-government. As a result, there has been a significant rise in sensitive information like personal data exchanged online. The convenient access to this data has caught the attention of cybercriminals, who have invented a type of cyberattack called phishing. The most crucial difficulty in identifying phishing websites is that attackers always develop sophisticated strategies. Creating phishing websites has become progressively easier, enabling attackers to bypass many protections measures easily. To gain a deeper understanding of this phishing strategy and the techniques used by cybersecurity guys to overcome it, a survey will be conducted about the types of phishing attacks and how it is carried out against online users, besides that we will explore the protection techniques and identify their powers and weaknesses. Finally, some solutions will be proposed to maintain the availability, robustness, and integrity of phishing attacks proposed solutions models.
Downloads
References
V. Bharath, H. L. Gururaj, B. C. Soundarya, and L. Girish, “Introduction to Social Engineering: The Human Element of Hacking,” in Social Engineering in Cybersecurity, CRC Press, 2024, pp. 1–25.
S. Kavya and D. Sumathi, “Staying ahead of phishers: a review of recent advances and emerging methodologies in phishing detection,” Artif Intell Rev, vol. 58, no. 2, p. 50, 2024.
IBM, “Cost of a Data Breach,” 2024. Accessed: Jan. 10, 2025. [Online]. Available: https://www.ibm.com/reports/data-breach
A. S. O. K. E. H.-V. A. H. F. NGUYET QUANG DO, “Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions,” 2022.
P. H. Kyaw, J. Gutierrez, and A. Ghobakhlou, “A Systematic Review of Deep Learning Techniques for Phishing Email Detection,” Electronics (Basel), vol. 13, no. 19, p. 3823, 2024.
R. K. Ayeni, A. A. Adebiyi, J. O. Okesola, and E. Igbekele, “Phishing Attacks and Detection Techniques: A Systematic Review,” in 2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG), IEEE, 2024, pp. 1–17.
Lookout, “The Global State of Mobile Phishing,” 2022. Accessed: Jan. 15, 2025. [Online]. Available: https://www.lookout.com/documents/reports/Global-State-of-Mobile-Phishing-Report.pdf
E. Yuvarani and P. M. Gomathi, “Security issues on Forensics Applications by Dynamic Malware injection–A Review,” in 2024 8th International Conference on Electronics, Communication and Aerospace Technology (ICECA), IEEE, 2024, pp. 573–579.
F. M. Teichmann and S. R. Boticiu, “Phishing attacks: risks and challenges for law firms,” International Cybersecurity Law Review, pp. 1–8, 2024.
S. Sheng et al., “Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish,” in Proceedings of the 3rd symposium on Usable privacy and security, 2007, pp. 88–99.
N. A. G. Arachchilage, S. Love, and K. Beznosov, “Phishing threat avoidance behaviour: An empirical investigation,” Comput Human Behav, vol. 60, pp. 185–197, 2016.
A. Kulkarni, V. Balachandran, and T. Das, “Phishing Webpage Detection: Unveiling the Threat Landscape and Investigating Detection Techniques,” IEEE Communications Surveys & Tutorials, 2024.
A. Oest, Y. Safaei, A. Doupé, G.-J. Ahn, B. Wardman, and K. Tyers, “Phishfarm: A scalable framework for measuring the effectiveness of evasion techniques against browser phishing blacklists,” in 2019 IEEE Symposium on Security and Privacy (SP), IEEE, 2019, pp. 1344–1361.
I. Skula and M. Kvet, “Domain blacklist efficacy for phishing web-page detection over an extended time period,” in 2023 33rd Conference of Open Innovations Association (FRUCT), IEEE, 2023, pp. 257–263.
R. S. Rao and S. T. Ali, “A computer vision technique to detect phishing attacks,” in 2015 Fifth International Conference on Communication Systems and Network Technologies, IEEE, 2015, pp. 596–601.
A. Aljofey, Q. Jiang, Q. Qu, M. Huang, and J.-P. Niyigena, “An effective phishing detection model based on character level convolutional neural network from URL,” Electronics (Basel), vol. 9, no. 9, p. 1514, 2020.
J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, “Beyond blacklists: learning to detect malicious web sites from suspicious URLs,” in Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining, 2009, pp. 1245–1254.
A. K. Jain and B. B. Gupta, “PHISH-SAFE: URL features-based phishing detection system using machine learning,” in Cyber Security: Proceedings of CSI 2015, Springer, 2018, pp. 467–474.
J. Kumar, A. Santhanavijayan, B. Janet, B. Rajendran, and B. S. Bindhumadhava, “Phishing website classification and detection using machine learning,” in 2020 international conference on computer communication and informatics (ICCCI), IEEE, 2020, pp. 1–6.
Y. Sonmez, T. Tuncer, H. Gokal, and E. Avci, “Phishing web sites features classification based on extreme learning machine,” in 2018 6th International Symposium on Digital Forensic and Security (ISDFS), 2018, pp. 1–5.
G. Xiang, J. Hong, C. P. Rose, and L. Cranor, “Cantina+ a feature-rich machine learning framework for detecting phishing web sites,” ACM Transactions on Information and System Security (TISSEC), vol. 14, no. 2, pp. 1–28, 2011.
A. Odeh, I. Keshta, and E. Abdelfattah, “Machine learningtechniquesfor detection of website phishing: A review for promises and challenges,” in 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), IEEE, 2021, pp. 813–818.
N. Al-Milli and B. H. Hammo, “A convolutional neural network model to detect illegitimate URLs,” in 2020 11th International Conference on Information and Communication Systems (ICICS), IEEE, 2020, pp. 220–225.
S. Mahdavifar and A. A. Ghorbani, “DeNNeS: deep embedded neural network expert system for detecting cyber attacks,” Neural Comput Appl, vol. 32, no. 18, pp. 14753–14780, 2020.
M. Somesha, A. R. Pais, R. S. Rao, and V. S. Rathour, “Efficient deep learning techniques for the detection of phishing websites,” Sādhanā, vol. 45, pp. 1–18, 2020.
Y. Huang, Q. Yang, J. Qin, and W. Wen, “Phishing URL detection via CNN and attention-based hierarchical RNN,” in 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), IEEE, 2019, pp. 112–119.
H. Wang, L. Yu, S. Tian, Y. Peng, and X. Pei, “Bidirectional LSTM Malicious webpages detection algorithm based on convolutional neural network and independent recurrent neural network,” Applied Intelligence, vol. 49, pp. 3016–3026, 2019.
T. Feng and C. Yue, “Visualizing and interpreting rnn models in url-based phishing detection,” in Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, 2020, pp. 13–24.
L. Yuan, Z. Zeng, Y. Lu, X. Ou, and T. Feng, “A character-level BiGRU-attention for phishing classification,” in Information and Communications Security: 21st International Conference, ICICS 2019, Beijing, China, December 15–17, 2019, Revised Selected Papers 21, Springer, 2020, pp. 746–762.
S. Al-Ahmadi, “PDMLP: phishing detection using multilayer perceptron,” International Journal of Network Security & Its Applications (IJNSA) Vol, vol. 12, 2020.
N. Q. Do, A. Selamat, O. Krejcar, and H. Fujita, “Detection of malicious URLs using Temporal Convolutional Network and Multi-Head Self-Attention mechanism,” Appl Soft Comput, vol. 169, p. 112540, 2025.
O. Sarker, A. Jayatilaka, S. Haggag, C. Liu, and M. A. Babar, “A Multi-vocal Literature Review on challenges and critical success factors of phishing education, training and awareness,” Journal of Systems and Software, vol. 208, p. 111899, 2024.
D. Li, Q. Chen, and L. Wang, “Phishing Attacks: Detection and Prevention Techniques,” Journal of Industrial Engineering and Applied Science, vol. 2, no. 4, pp. 48–53, 2024.
M. A. Adebowale, K. T. Lwin, and M. A. Hossain, “Intelligent phishing detection scheme using deep learning algorithms,” Journal of Enterprise Information Management, vol. 36, no. 3, pp. 747–766, 2023.
A. Mughaid, S. AlZu’bi, A. Hnaif, S. Taamneh, A. Alnajjar, and E. A. Elsoud, “An intelligent cyber security phishing detection system using deep learning techniques,” Cluster Comput, vol. 25, no. 6, pp. 3819–3828, 2022.
Y. Lin et al., “Phishpedia: A hybrid deep learning based approach to visually identify phishing webpages,” in 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 3793–3810.
R. S. Rao, T. Vaishnavi, and A. R. Pais, “CatchPhish: detection of phishing websites by inspecting URLs,” J Ambient Intell Humaniz Comput, vol. 11, pp. 813–825, 2020.
A. K. Jain and B. B. Gupta, “A machine learning based approach for phishing detection using hyperlinks information,” J Ambient Intell Humaniz Comput, vol. 10, pp. 2015–2028, 2019.
P. Yi, Y. Guan, F. Zou, Y. Yao, W. Wang, and T. Zhu, “Web phishing detection using a deep learning framework,” Wirel Commun Mob Comput, vol. 2018, no. 1, p. 4678746, 2018.
H. Le, Q. Pham, D. Sahoo, and S. C. Hoi, “URLNet: Learning a URL representation with deep learning for malicious URL detection. arXiv 2018,” arXiv preprint arXiv:1802.03162, 2018.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Ali A. Alani, Adil Al-Azzawia
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
