Defending against Phishing Attacks: Taxonomy of Methods, Current Issues and Future Directions

TL;DR

This paper provides a comprehensive overview of phishing attack types, existing defense methods, and discusses challenges and future directions, emphasizing the importance of end-user awareness and IoT security.

Contribution

It offers a detailed taxonomy of phishing attacks and defense solutions, along with insights into current issues and future research directions.

Findings

Taxonomy of phishing attack types

Classification of defense methods

Discussion on IoT-related phishing issues

Abstract

Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people's lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly inventive. One such a serious threat is "phishing", in which, attackers attempt to steal the user's credentials using fake emails or websites or both. It is true that both industry and academia are working hard to develop solutions to combat against phishing threats. It is therefore very important that organisations to pay attention to end-user awareness in phishing threat prevention. Therefore, the aim of our paper is twofold. First, we will discuss the history of phishing attacks and the attackers' motivation in details. Then, we will provide taxonomy of various types of phishing attacks. Second, we will provide taxonomy of various solutions proposed in literature to protect users from phishing based on the attacks identified in our taxonomy. Moreover, we have also discussed impact of phishing attacks in Internet of Things (IoTs). We conclude our paper discussing various issues and challenges that still exist in the literature, which are important to fight against with phishing threats.