Tutorial and critical analysis of phishing websites methods

Rami M. Mohammad, Fadi Thabtah, Lee McCluskey

Research output: Contribution to journal › Review article

39 Citations (Scopus)

Abstract

The Internet has become an essential component of our everyday social and financial activities. The Internet is important not only for individual users but also for organizations, because organizations that offer online trading can achieve a competitive edge by serving worldwide clients. The Internet facilitates reaching customers all over the globe without any marketplace restrictions and with effective use of e-commerce. As a result, the number of customers who rely on the Internet to perform procurements is increasing dramatically. Hundreds of millions of dollars are transferred through the Internet every day. This amount of money tempts fraudsters to carry out their fraudulent operations. Hence, Internet users may be vulnerable to different types of web threats, which may cause financial damage, identity theft, loss of private information, brand reputation damage and loss of customers' confidence in e-commerce and online banking. Therefore, the suitability of the Internet for commercial transactions becomes doubtful. Phishing is considered a form of web threat, defined as the art of impersonating the website of an honest enterprise with the aim of obtaining a user's confidential credentials such as usernames, passwords and social security numbers. In this article, the phishing phenomenon is discussed in detail. In addition, we present a survey of the state-of-the-art research on such attacks. Moreover, we aim to recognize the up-to-date developments in phishing and its precautionary measures and to provide a comprehensive study and evaluation of this research to identify the gap that still predominates in this area. This research mostly focuses on web-based phishing detection methods rather than email-based detection methods.

Original language: English
Pages (from-to): 1-24
Number of pages: 24
Journal: Computer Science Review
Volume: 17
DOI: 10.1016/j.cosrev.2015.04.001
Publication status: Published - 1 Aug 2015

Fingerprint

Websites
Internet
Customers
Electronic Commerce
Damage
Electronic mail
Globe
Essential Component
Private Information
Banking
Password
Electronic Mail
Web-based
Confidence
Transactions
Attack
Restriction
Evaluation
Industry

Cite this

Mohammad, Rami M. ; Thabtah, Fadi ; McCluskey, Lee. / Tutorial and critical analysis of phishing websites methods. In: Computer Science Review. 2015 ; Vol. 17. pp. 1-24.
@article{4c5bfa69145649f3a8e8438d43450301,
title = "Tutorial and critical analysis of phishing websites methods",
keywords = "Anti-phishing, Blacklist, Data mining, Phishing, Whitelist",
author = "Mohammad, {Rami M.} and Fadi Thabtah and Lee McCluskey",
year = "2015",
month = "8",
day = "1",
doi = "10.1016/j.cosrev.2015.04.001",
language = "English",
volume = "17",
pages = "1--24",
journal = "Computer Science Review",
issn = "1574-0137",
publisher = "Elsevier Ireland Ltd",

}

Tutorial and critical analysis of phishing websites methods. / Mohammad, Rami M.; Thabtah, Fadi; McCluskey, Lee.

In: Computer Science Review, Vol. 17, 01.08.2015, p. 1-24.

TY - JOUR

T1 - Tutorial and critical analysis of phishing websites methods

AU - Mohammad, Rami M.

AU - Thabtah, Fadi

AU - McCluskey, Lee

PY - 2015/8/1

Y1 - 2015/8/1

KW - Anti-phishing

KW - Blacklist

KW - Data mining

KW - Phishing

KW - Whitelist

UR - http://www.scopus.com/inward/record.url?scp=84940447447&partnerID=8YFLogxK

U2 - 10.1016/j.cosrev.2015.04.001

DO - 10.1016/j.cosrev.2015.04.001

M3 - Review article

VL - 17

SP - 1

EP - 24

JO - Computer Science Review

JF - Computer Science Review

SN - 1574-0137

ER -