ABSTRACT

Phishing is an identity theft, which deceives Internet users into revealing their sensitive data, e.g., login information, credit/debit card details, and so on. Researchers have developed various anti-phishing methods in recent years. However, the problem still exists. Therefore, this paper presents a detailed analysis of phishing attack methods and defense techniques. This survey is presented in five folds. First, we discuss in detail the lifecycle of phishing attack, its history, and motivation behind this attack. Second, we present various distribution methods that are used to spread phishing attacks. Third, we provide taxonomy of various phishing-attacking techniques in desktop and mobile environments. Fourth, we provide numerous phishing protection mechanisms and their comparisons. Finally, the article presents various performance challenges faced by developers while dealing with this crucial attack. This paper also provides the consequences of phishing attacks in emerging domains like mobile and online social networks. This paper will help the different users in avoiding phishing attacks while using Internet for their day-to-day activities, and will guide business administrators in designing new effective solutions for their enterprise against various types of phishing threats.

摘要

网络钓鱼是一种身份盗窃，它欺骗互联网用户泄露他们的敏感数据，例如登录信息、信用卡/借记卡详细信息等。近年来，研究人员开发了各种反网络钓鱼方法。但是，问题仍然存在。因此，本文对网络钓鱼攻击方法和防御技术进行了详细分析。该调查分为五部分。首先，我们详细讨论网络钓鱼攻击的生命周期、它的历史以及这次攻击背后的动机。其次，我们介绍了用于传播网络钓鱼攻击的各种分发方法。第三，我们提供桌面和移动环境中各种网络钓鱼攻击技术的分类。第四，我们提供了多种网络钓鱼防护机制及其比较。最后，本文介绍了开发人员在处理这一关键攻击时面临的各种性能挑战。本文还提供了网络钓鱼攻击在移动和在线社交网络等新兴领域的后果。本文将帮助不同用户在使用 Internet 进行日常活动时避免网络钓鱼攻击，并将指导业务管理员为其企业设计新的有效解决方案，以抵御各种类型的网络钓鱼威胁。