TY - JOUR
T1 - Phishing environments, techniques, and countermeasures
T2 - A survey
AU - Aleroud, Ahmed
AU - Zhou, Lina
N1 - Funding Information:
This research effort was supported in part by the National Science Foundation (SES-152768). Any opinions, findings or recommendations expressed here are those of the authors and are not necessarily those of the sponsors of this research.
Publisher Copyright:
© 2017 Elsevier Ltd
PY - 2017/7/1
Y1 - 2017/7/1
N2 - Phishing has become an increasing threat in online space, largely driven by the evolving web, mobile, and social networking technologies. Previous phishing taxonomies have mainly focused on the underlying mechanisms of phishing but ignored the emerging attacking techniques, targeted environments, and countermeasures for mitigating new phishing types. This survey investigates phishing attacks and anti-phishing techniques developed not only in traditional environments such as e-mails and websites, but also in new environments such as mobile and social networking sites. Taking an integrated view of phishing, we propose a taxonomy that involves attacking techniques, countermeasures, targeted environments and communication media. The taxonomy will not only provide guidance for the design of effective techniques for phishing detection and prevention in various types of environments, but also facilitate practitioners in evaluating and selecting tools, methods, and features for handling specific types of phishing problems.
AB - Phishing has become an increasing threat in online space, largely driven by the evolving web, mobile, and social networking technologies. Previous phishing taxonomies have mainly focused on the underlying mechanisms of phishing but ignored the emerging attacking techniques, targeted environments, and countermeasures for mitigating new phishing types. This survey investigates phishing attacks and anti-phishing techniques developed not only in traditional environments such as e-mails and websites, but also in new environments such as mobile and social networking sites. Taking an integrated view of phishing, we propose a taxonomy that involves attacking techniques, countermeasures, targeted environments and communication media. The taxonomy will not only provide guidance for the design of effective techniques for phishing detection and prevention in various types of environments, but also facilitate practitioners in evaluating and selecting tools, methods, and features for handling specific types of phishing problems.
KW - Honeypots
KW - Mobile phishing
KW - Ontology
KW - Phishing
KW - Phishing detection
KW - Social engineering
KW - Social networks phishing
UR - http://www.scopus.com/inward/record.url?scp=85019165401&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85019165401&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2017.04.006
DO - 10.1016/j.cose.2017.04.006
M3 - Review article
AN - SCOPUS:85019165401
SN - 0167-4048
VL - 68
SP - 160
EP - 196
JO - Computers and Security
JF - Computers and Security
ER -