Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
Review
. 2021;76(1):139-154.
doi: 10.1007/s11235-020-00733-2. Epub 2020 Oct 23.

A comprehensive survey of AI-enabled phishing attacks detection techniques

Abdul Basit  1 Maham Zafar  1 Xuan Liu  2 Abdul Rehman Javed  3 Zunera Jalil  3 Kashif Kifayat  3
Affiliations
Review

A comprehensive survey of AI-enabled phishing attacks detection techniques

Abdul Basit et al. Telecommun Syst. 2021.

Abstract

In recent times, a phishing attack has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collects the client's sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and sends URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents the comparison of different studies detecting the phishing attack for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research direction in this domain.

Keywords: Advanced phishing techniques; Cyberattack; Deep learning; Hybrid learning; Internet security; Machine learning; Phishing attack; Security threats.

PubMed Disclaimer

Figures

Fig. 1
Fig. 1
Phishing attack diagram [26]
Fig. 2
Fig. 2
Phishing report for third quarter of the year 2019 [1]
Fig. 3
Fig. 3
Most targeted industry sectors—3rd quarter 2019 [3]
Fig. 4
Fig. 4
Taxonomy of this survey focusing on phishing attack detection studies
Fig. 5
Fig. 5
Deep learning for phishing attack detection
Fig. 6
Fig. 6
Machine learning for phishing attack detection
See this image and copyright information in PMC

References

    1. (2016). Apwg trend report. http://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf. Accessed from 20 July 2020
    1. (2018) Phishing activity trends report. http://docs.apwg.org/reports/apwg_trends_report_q2_2018.pdf. Accessed from 20 July 2020
    1. (2019) Apwg trend report. https://docs.apwg.org/reports/apwg_trends_report_q3_2019.pdf. Accessed from 20 July 2020
    1. (2019) Fbi warns of dramatic increase in business e-mail compromise (bec) schemes—fbi. https://www.fbi.gov/contact-us/field-offices/memphis/news/press-releases.... Accessed from 20 July 2020
    1. (2019) What is phishing? https://www.phishing.org/what-is-phishing. Accessed from 20 July 2020

LinkOut - more resources