Figure 3 - available via license: Creative Commons Attribution 4.0 International
Source publication
This research aims to describe and analyze phishing emails. The problem of phishing, types of message content of phishing emails, and the basic techniques of phishing email attacks are explained by way of introduction. The study also includes a review of the relevant literature on Web of Science and analyzes articles that deal with the threat of ph...
Citations
... Email phishing is a phishing type in which an unsuspecting victim is tricked into divulging credentials or sensitive information through email [10], [52]. Here the attacker sends phishing code through an email containing either a phishing link or a malware attachment, in such a way that as soon as the victim clicks on the link [21], it will either redirect them to a phishing site or get the system infected by malware. Sensitive credentials obtained by this means can then be used by the attacker to commit a series of cybercrimes against the victim or target organization, including but not limited to remote malware installation, instigating denial-of-service attacks, cyberstalking, and identity theft, and can even be sold on the dark market. ...
Phishing is one of the most effective ways in which cybercriminals get sensitive details such as credentials for online banking, digital wallets, state secrets, and many more from potential victims. They do this by spamming users with malicious URLs with the sole purpose of tricking them into divulging sensitive information which is later used for various cybercrimes. In this research, we did a comprehensive review of current state-of-the-art machine learning and deep learning phishing detection techniques to expose their vulnerabilities and future research direction. For better analysis and observation, we split machine learning techniques into Bayesian, non-Bayesian, and deep learning. We reviewed the most recent advances in Bayesian and non-Bayesian-based classifiers before exploiting their corresponding weaknesses to indicate future research direction. While exploiting weaknesses in both Bayesian and non-Bayesian classifiers, we also compared each performance with a deep learning classifier. For a proper review of deep learning-based classifiers, we looked at Recurrent Neural Networks (RNN), Convolutional Neural Networks (CNN), and Long Short Term Memory Networks (LSTMs). We did an empirical analysis to evaluate the performance of each classifier along with many of the proposed state-of-the-art anti-phishing techniques to identify future research directions. We also made a series of proposals on how the performance of the under-performing algorithm can be improved, in addition to a two-stage prediction model.
... Their findings shed light on the severity of the impact of phishing attacks, signaling the urgent need for robust cybersecurity measures to counteract this pervasive threat. Burita et al. (2021) discussed the effects of phishing attacks on individuals and organizations. They pointed out that successful phishing attacks can result in financial losses, damage to an organization's reputation, and loss of sensitive data such as usernames, passwords, and credit card information. ...
... Additionally, the study noted that phishing attacks can cause psychological distress to victims, as they may feel violated and vulnerable after falling victim to a scam. Finally, Burita et al. (2021) recommended that future studies should focus on conducting similar analyses, potentially using smaller data sets, to investigate any changes in phishing emails that occur over a one-year period, as it may be useful to explore whether identical phishing emails originating from the same workplace, such as an intranet network, are being delivered to various recipients' accounts. Carroll (2022) studied the factors affecting awareness of phishing among generation: they mentioned that phishing attacks can have significant negative impacts on individuals, organizations, and society. ...
... The increased reliance on digital communication, as discussed by Carroll (2022), has exacerbated these threats, especially during global events like the COVID-19 pandemic. Bhavsar et al. (2018) and Burita et al. (2021) underline the multifaceted nature of phishing attacks, which not only compromise sensitive data but also inflict psychological distress on victims. ...
This study aimed at understanding phishing attacks targeting mobile phone users in Tanzania, focusing on the investigation of effects of these attacks on the mobile phone users. The study used technology threat avoidance theory as its theoretical framework. Respondents were selected using a purposive stratified sampling method to ensure diverse representation across various demographics and business sectors. A descriptive research design was employed and traders in Kariakoo market, Dar es Salaam were the target population. A sample size of 394 respondents was chosen and data were obtained through structured questionnaires and in-depth interviews. Quantitative data were analyzed using SPSS, while qualitative data were examined with Dedoose. The study revealed social, economic, and psychological effects of phishing attacks on mobile phone users in Tanzania. Socially, there was a noticeable decline in trust toward digital communications, leading to altered online behaviors and interactions. Economically, the effects included substantial financial losses and disruptions to business operations, impacting both individuals and organizations. Psychologically, the study found that victims experienced emotional distress, anxiety, and a heightened sense of vulnerability, prompting an increased awareness and caution regarding cyber security practices. The study concluded that phishing attacks posed significant social, economic, and psychological challenges for mobile phone users in Tanzania, with effects varying across different demographic groups. It also revealed that users' age, gender, education, and business sector influenced their susceptibility to phishing attacks, leading to diverse experiences and vulnerabilities within the population. The study recommends implementation of targeted awareness campaigns through popular communication channels, such as social media ads and television, to maximize reach and engagement, especially among younger users who are frequently online.
... To simplify, a phishing attack is all about trickery. Therefore a phishing email [8] is a serious security threat targeting the end user and tricking him/her into compromising his/her own security. This happens when accessing insecure web pages that are controlled by the attacker, opening suspicious attachments maliciously crafted by the attacker or revealing private information. ...
... They embed malicious scripts into a document disguised as an official document to trick victims into accessing it. This is done with the aim of obtaining important information such as personal data, account data, and financial data from individuals or organizations targeted by phishing (Burita et al., 2021). The obtained information is then stored in servers or databases owned by the attackers. ...
In the rapidly evolving landscape of cybersecurity threats, the need for robust defenses against phishing attacks has become paramount. This study explores the efficacy of malware detection in phishing email attacks using dynamic analysis on the Letsdefend.io platform. Leveraging the insights provided by the Deloitte Center for Controllership regarding the escalating frequency of cyber adversaries targeting organizational data, this research investigates the effectiveness of the Letsdefend.io platform, particularly utilizing the SOC 146 rule, in identifying and mitigating phishing threats. Through a comprehensive analysis process encompassing dynamic malware analysis techniques, such as those employed by VirusTotal and URLHaus, alongside detailed examination of suspicious email attachments using the Mailbox feature, this study aims to provide insights into the evolving tactics of phishing attackers, specifically those utilizing Excel 4.0 Macros. The research methodology involves collecting malware samples for analysis, configuring sandbox environments with tools like Process Monitor and Regshot, and utilizing sophisticated analysis tools like ProcDot to visualize malware behavior. Additionally, the study examines the effectiveness of the Letsdefend.io platform in detecting phishing URLs and malicious domains reported by AnyRun and URLHaus databases. The findings reveal promising results in the detection and identification of phishing threats, shedding light on the potential of dynamic analysis methods in bolstering cybersecurity defenses against evolving phishing techniques. This research contributes to the ongoing efforts to enhance cybersecurity measures and protect organizational assets from the pervasive threat of phishing attacks.
... Cybersecurity becomes a very challenging issue and the occurrence of different cyber attacks is more frequent [1,2]. Detection of anomalies in computer networks has been the main goal of many research activities due to its potential in detecting new types of cyber attacks. ...
... Email phishing is a type of phishing attack in which a user sends fraudulent email messages to a large number of random users. This type of phishing attack can thus reach a large number of users; however, owing to the lower personalisation of the messages, it may achieve a lower success rate and may be easier to identify [4,5]. ...
Organisations that use the Internet in their activities are currently exposed to the threat of cyber attacks, which can have undesirable consequences for the integrity and continuity of processes and services. It is therefore essential that organisations adopt technological and procedural measures to ensure a sufficient level of cyber security. Part of the process of implementing cyber security is the process of identifying vulnerability, by which organisations can uncover the vulnerability of systems to specific cyber attacks and subsequently implement adequate measures to reduce it. This article therefore focuses on identifying the vulnerability of a selected group to a phishing attack, using a phishing test.
... It contains "@" symbols, uses IP addresses instead of domain names, and has a larger number of external and internal links in the email body. Another feature seen here is the pop-up window code and the onclick activities, which are primarily done in JavaScript, but other script-based features may also occur in the body of the email, as seen in the work of the authors in [4]-[5]. ...
Phishing-based incidents are the procedure of posting illegal or dishonest communications that seem to originate from a trustworthy sending node. This is commonly reflected in the case of email transmission. The aim is to rob one's important personal information, which includes credit/debit card details, login information, account-related data, etc. In one way or another, phishing emails can trick users into revealing crucial technical or personal information. Users need to be very careful and cautious when working with the emails they receive in their Inbox. In addition to verifying sender information, users must be wise enough in analyzing the body of the email to remain protected against such frauds. To account for this reason, this study has proposed a simple yet effective approach, ML-PETA, for analyzing the email text body with machine learning algorithms. Using the proposed approach, this paper could achieve an accuracy of 96 percent with a minimum count of vital features only for Phishing Email Text Analysis. At the same time, by the application of dimensionality reduction techniques, the proposed approach is able to reduce the dimensionality of the data considerably, which is better than state-of-the-art existing phishing email detection techniques, which have a much greater number of features and a lower accuracy rate.
... We have chosen rules for email detection based on the occurrence of keywords in the subject and content of the email message. The keywords were taken from the results of research on phishing emails, published in the article [19]. Keywords that characterize the particular email segment: ...