(Publisher of Peer Reviewed Open Access Journals)

International Journal of Advanced Technology and Engineering Exploration (IJATEE)

ISSN (Print):2394-5443    ISSN (Online):2394-7454
Volume-9 Issue-89 April-2022
Paper Title : A literature review on classification of phishing attacks
Author Name : S. Chanti and T. Chithralekha
Abstract :

Phishing is a type of security threat that loots users’ personal credentials such as online banking, credit card numbers, card verification value (CVV) numbers, and automated teller machine (ATM) PINs. Phishing scams are carried out by sending spoofed emails and instant messages that carry hyperlinks which redirect users to fake/spoofed sites and steal their sensitive information. Phishers mainly concentrate on internet users who perform E-banking. Since these E-transactions are inevitable in today’s digital world, many anti-phishing tools have been developed to secure users from phishing attacks. This paper proposes a new definition of phishing based on the intention of phishing and a complete classification of phishing attacks, from email phishing to the very recent ransomware. This literature review provides the classification of phishing attacks and the different possible ways the attacker targets the victims. A statistical analysis of phishing attacks is performed using data collected from anti-phishing working group (APWG) technical reports to find: (i) top three countries hosting phishing, (ii) top three most affected countries hosting phishing, (iii) top three least affected countries, (iv) top three industry sectors affected by phishing, (v) top three malware used for phishing, and (vi) hypertext transfer protocol secure (HTTPS) enabled phishing uniform resource locator (URL). This study is helpful in understanding the different ways of performing phishing attacks.

Keywords : Phishing, Pharming, Vishing, Ransomware, DNS level phishing, Credential stealing, Social engineering phishing, Malware based phishing, User information control, Domain hijacking, DNS spoofing.
Cite this article : Chanti S, Chithralekha T. A literature review on classification of phishing attacks. International Journal of Advanced Technology and Engineering Exploration. 2022; 9(89):446-476. DOI:10.19101/IJATEE.2021.875031.