Systematic Literature Review: Anti-Phishing Defences and Their Application to Before-the-click Phishing Email Detection

by   Trevor Wood, et al.

Most research into anti-phishing defence assumes that the mal-actor is attempting to harvest end-users' personally identifiable information or login credentials and, hence, focuses on detecting phishing websites. The defences for this type of attack are usually activated after the end-user clicks on a link, at which point the link is checked. This is known as after-the-click detection. However, more sophisticated phishing attacks (such as spear-phishing and whaling) are rarely designed to get the end-user to visit a website. Instead, they attempt to get the end-user to perform some other action, for example, transferring money from their bank account to the mal-actors account. These attacks are rarer, and before-the-click defence has been investigated less than after-the-click defence. To better integrate and contextualize these studies in the overall anti-phishing research, this paper presents a systematic literature review of proposed anti-phishing defences. From a total of 6330 papers, 21 primary studies and 335 secondary studies were identified and examined. The current research was grouped into six primary categories, blocklist/allowlist, heuristics, content, visual, artificial intelligence/machine learning and proactive, with an additional category of "other" for detection techniques that do not fit into any of the primary categories. It then discusses the performance and suitability of using these techniques for detecting phishing emails before the end-user even reads the email. Finally, it suggests some promising areas for further research.


page 1

page 16


A Systematic Literature Review on Phishing and Anti-Phishing Techniques

Phishing is the number one threat in the world of internet. Phishing att...

Why Johnny can't rely on anti-phishing educational interventions to protect himself against contemporary phishing attacks?

Phishing is a way of stealing people's sensitive information such as use...

All About Phishing: Exploring User Research through a Systematic Literature Review

Phishing is a well-known cybersecurity attack that has rapidly increased...

Analyzing the Impact of Automated User Assistance Systems: A Systematic Review

Context: User assistance is generally defined as the guided assistance t...

Machine Learning based Anomaly Detection for Smart Shirt: A Systematic Review

In recent years, the popularity and use of Artificial Intelligence (AI) ...

A Decade of Information Architecture in HCI: A Systematic Literature Review

Information Architecture (IA) is a blueprint for the information system ...

Detecting Phishing sites Without Visiting them

Now-a-days, cyberattacks are increasing at an unprecedented rate. Phishi...

Please sign up or login with your details

Forgot password? Click here to reset