A survey of phishing attack techniques, defence mechanisms and open research challenges

ABSTRACT

Phishing is an identity theft, which deceives Internet users into revealing their sensitive data, e.g., login information, credit/debit card details, and so on. Researchers have developed various anti-phishing methods in recent years. However, the problem still exists. Therefore, this paper presents a detailed analysis of phishing attack methods and defense techniques. This survey is presented in five folds. First, we discuss in detail the lifecycle of phishing attack, its history, and motivation behind this attack. Second, we present various distribution methods that are used to spread phishing attacks. Third, we provide taxonomy of various phishing-attacking techniques in desktop and mobile environments. Fourth, we provide numerous phishing protection mechanisms and their comparisons. Finally, the article presents various performance challenges faced by developers while dealing with this crucial attack. This paper also provides the consequences of phishing attacks in emerging domains like mobile and online social networks. This paper will help the different users in avoiding phishing attacks while using Internet for their day-to-day activities, and will guide business administrators in designing new effective solutions for their enterprise against various types of phishing threats.

KEYWORDS:

• Phishing attack
• internet
• social engineering
• web security
• online social network
• mobile security

Disclosure statement

No potential conflict of interest was reported by the authors.

Correction Statement

This article has been republished with minor changes. These changes do not impact the academic content of the article.