International Journal of Safety and Security Engineering

Vol. 13, No. 2, April, 2023, pp. 333-340

Journal homepage: http://iieta.org/journals/ijsse

An Investigation on Vulnerability Analysis of Phishing Attacks and Countermeasures

Ganga Abhirup Kothamasu, Sree Keerthi Angara Venkata, Yamini Pemmasani, Senthilkumar Mathi*

Department of Computer Science and Engineering, Amrita School of Computing, Coimbatore 641112, Amrita Vishwa
Vidyapeetham, India

Corresponding Author Email: [email protected]

https://doi.org/10.18280/ijsse.130215 ABSTRACT

Received: 22 February 2023 A great venue for communication amongst regular people is the internet. Many efficient
Accepted: 3 April 2023 communication methods are available online, such as email, mailing lists, discussion
forums, chat services, online conferencing, and blogs. Social networking websites like
Keywords: Facebook, Instagram, and Twitter have recently entered the picture. People who want to
authentication, phishing, cybercrime, social steal personal information have discovered a technique with the least chance of getting
engineering, security, attack detected without meeting the target, known as phishing. Phishing is a cybercrime that
targets passwords, banking information, credit card information, and personal
identification through emails, phone calls, and texts. Mostly, online identity theft takes
the form of phishing. The phisher uses social engineering to obtain the victim’s account
and personal information. A person, a group, or a cluster within a group of people might
be the target. In the modern-day, cybersecurity is a major worry to provide a realistic
experience of phishing attacks. The present paper investigates and analyses various
phishing tools that can simulate such attacks. In addition, the paper investigates the
prevention methods and countermeasures. It also examines the kinds of phishing tools,
like Zphisher, CamPhish, and PyPhisher, being used to ensure that even people apart from
experts can be aware of what a phishing attack is and how to alert others about the risk
they pose and how to be prepared for them associated with the recent threats of Crelan
Bank and Uber.

1. INTRODUCTION another kind of contact intended to help target the victim [2].
The message appears as though it has come from a reliable
Faulty authentication is when a platform or program online source. Victims are tricked by their personal information to
has flaws or vulnerabilities that allow hackers to log in without spam websites. Malware may also possibly be transferred into
being detected and access all the user’s capabilities. The the target’s machine. Phishing attacks are matched by 482
different sorts of these inbuilt flaws are weak session CVE records (the year 2004 to the present 2022).
management and weak credential management. According to a recent report, targeted phishing attacks
Session management flaws can only be understood after affected over 90% of firms in 2019. Of these, 88 percent
familiarising how browsing and online authentication reported spear-phishing assaults, 83 percent voice phishing
typically operate. Each user interaction with a network on (also known as “Vishing”), 86 percent social media attacks, 84
social networking websites or online betting portals is logged percent SMS/text phishing (also known as “Smishing”), and
and added to a web session that the web application may track. 81 percent malicious USB drops. Phishing assaults increased
The web application provides the user with a session identity from 76 percent in 2017 to 83 percent in 2018, according to
for each visit. This identity is necessary for the application to the 2018 Proofpoint1 annual study, with all phishing attacks
interact with the user and answer requests. Stealing or using occurring more frequently than in 2017. The second quarter of
unauthorized users’ credentials to access the program is also 2019 saw a significant increase in phishing attacks reported
possible. As a result, managing credentials is crucial for compared to the first three quarters. According to a study from
cybersecurity. A web application must ensure that passwords the anti-phishing working group, this figure was greater in the
like 1234 or password are not permitted. If such passwords are first quarter of 2020 than in the prior year, concluding that
permitted to be used, credential management is weakened. It phishing attacks are rising [3].
is a sort of failed authentication if the online application cannot
defend users against hackers who force their way in using
stolen or compromised credentials. 2. LITERATURE SURVEY
Hackers might target one by combining information from
many sources. With the information they’ve discovered, they There are several ways to recognize phishing assaults. The
may design unique phishing techniques. They have creativity of the new phishing assaults requires periodic
successfully developed harmful malware targeting phishing revisions of these attacks. The heuristics approach attempts to
apps [1]. Hackers phish to trick users into disclosing their login comprehend the study of phishing websites and identify
credentials by giving them URLs to websites that seem just assaults based on several characteristics, including the domain
like online applications. Phishing begins with an email or name, domain age, spelling mistakes, picture source, etc. [4].

333
Different machine learning methods, such as the random forest The investigation [19] suggests an AI-based, self-aware,
algorithm, Support vector machine (SVM), swarm intelligence, self-defending system that delivers cogent responses. Send
genetic algorithm, etc., are employed in the machine learning responses from mail servers produced by algorithms to make
approach. SVM has been successfully utilized to address it harder for spammers. Additionally, use a language model
several classification issues [5]. The blacklist strategy involves trained using LSTM to create phrases in natural language
adding untrusted URLs or a list of prohibited websites to the based on the context of the email to make the answers unique
blacklist [6]. The URL being typed right now is compared to from each other and authentic to circumvent spammers’ easy
the malicious defined list. match filtering of emails. A comparison is given between the
Additionally, the contents are examined, and if the URL traditional machine learning method of logistic regression
content matches, the URL is banned, and the user is warned. using bigram and the deep learning methods of convolution
The blacklist also includes a total phishing page count [7]. neural network and CNN-LSTM as structures used to detect
Fuzzy logic-based data mining algorithms are utilized in the bad URLs for categorizing phishing URLs, CNN-LSTM
fuzzy rule-based technique to experiment and identify demonstrated the highest accuracy, at roughly 98 percent [20].
phishing websites [8]. The cantina-based technique employs In paper [21], a device setup method generates
both term frequency and inverse document frequency (TF-IDF) authentication credentials automatically from device settings.
for identifying phishing sites. The TF-IDF retrieval algorithm Compared to conventional authentication methods like
is frequently used for document classification and comparison passwords, the increased speed demanded by the technique is
[9]. The image-based method compares legitimate and tolerable, and the security offered is reasonable. Detailed
phishing websites based on visual similarities [10]. security and threat research showing that this technique
Phishing attempts are sometimes challenging to spot since neutralizes 9 out of 10 detected risks highlights the strategy’s
they frequently seem like spam or pop-up windows. Once the security advantages. In the paper [22], to determine the
attacker has your personal information, they can use it for important data protection strategy to stop unauthorized people,
identity theft and other crimes, damaging your excellent credit. the suggested security methods may be used with SSL, digital
Since phishing and cyber-attacks are the sneakiest ways to signatures, network security, etc.
steal someone’s identity, one must learn about the many The paper [23] provides a thorough analysis of research that
phishing attempts and how to avoid them [11, 12]. use machine learning (ML) and natural language processing
The primary focus is to examine phishing attacks in (NLP) techniques to spot phishing emails. Subsequently, the
cyberspace and any malicious web content that operates inside paper [24] overviews cyber security’s forecasting and
the browser [13]. It is impossible to scan for viruses in prediction techniques. First, four key responsibilities are
downloaded files that use third-party PC software and include covered: attack projection and intention recognition, intrusion
viruses. For instance, if a word document is downloaded to the prediction, predicting the cybersecurity state of the whole
PC, the VM cannot handle it since it employs no web-based network, and attack projection and intention recognition,
tools. In the study [14], the “Anti Phishing Simulator” program, which require projecting the attacker’s next move or intents.
which provides information on the phishing detection issue Theoretical underpinnings are frequently shared and
and how to recognize phishing emails, was created as part of complementary across methods and approaches to tackle these
it. This program examines the mail’s contents to identify issues. Compares and contrasts strategies based on continuous
phishing and spam emails. By using a Bayesian method, spam models like time series and grey models with those based on
terms that have been added to the database are categorized. discrete models like attack graphs, Bayesian networks, and
A brand-new hybrid deep learning model is suggested to Markov models.
recognize phishing assaults [15]. It has two parts: a The paper [25] emphasizes the development, propagation,
convolutional neural network (CNN) and an autoencoder (AE). and operation of malware, electronic system assaults, phishing
The AE is used to rebuild features that improve the connection websites, cyberbullying, etc. After thoroughly examining the
between the characteristics. The results of the studies reveal numerous cases, a conclusion and the development of
that the model has a mean accuracy of over 97.68 per cent in technologies like Honeypots and certain preventive methods
detecting phishing attempts, but it also has a high degree of to stop cybercrime were reached. All facets of society are now
generalizability and can do so in an acceptable time frame. The digitally connected due to global development and digitization
work in the study [16] analyses emails using data mining using the internet of things. Nowadays, banking involves
techniques and helps avoid phishing scams. This study marketing and internet financial transactions. Cloud
developed an architectural approach that uses naïve Bayesian computing is used in business, yet it is also subject to several
classification to accurately distinguish between fraudulent and hazards, including responsibility and data ownership. The
authentic emails. The suggested algorithm attempts to shield article concludes India’s terrible state and makes predictions
users from disclosing their private information by working in regarding the country’s future regarding cyber security.
steps to detect fraudulent emails.
A secure authentication mechanism uses QR codes and
secret key exchange [17]. This authentication system contains 3. METHODOLOGY
a mobile application just for authentication, eliminating the
need to enter website login information and making it more The attacker makes their false websites, for instance, a fake
resistant to phishing. The work [18] examines many phishing Facebook website with a phishing.php file that would gather
attempts, some of the most recent assault evasion methods, and all kinds of information and an index.html page. Without
anti-phishing strategies. This review helps users practice logging in, the attacker visits the Instagram page. The attacker
phishing avoidance by increasing their awareness of those searches for word action to locate a connection as follows.
phishing methods. Here, a hybrid phishing detection method Action= Login attempt=1 at
with quick response times and excellent accuracy is also https://www.instagram.com/login.php
discussed.

334
 The attacker next registers for a free hosting account on a Table 2 lists all the dependencies, features, usage, port
site like http://www.get-new-followers.com. The phishing forwarding options, and data that a specific tool can record.
website was then constructed when the attacker submitted a When comparing the three tools with their templates,
PHP file and an HTML page bearing his name. Now the PyPhisher has around 65 templates that give users a broad
attacker may begin phishing. range of options. PyPhisher phishing tool takes more time
when compared with the other two tools and does an attack in
3.1 PyPhisher around 64 seconds.

Python’s PyPhisher is the best phishing tool available. It is Table 2. Comparisons of tools
a Python-based tool used for creating phishing pages. The tool
includes several well-known websites, including Facebook, Phishing PyPhisher Zphisher CamPhish
Twitter, Instagram, GitHub, Gmail, and many others. The tools
PyPhisher phishing tool has 65 templates. The credentials Requirements Python(3), PHP, Wget, PHP, Git,
retrieved after the attack are recorded in the usernames.txt file, PHP, Curl, Curl, OpenSSH,
Unzip, Wget, OpenSSH, Wget
and Ip addresses are stored in ip.txt.
100MB- git
storage.
3.2 Zphisher Port Ngrok, Local Host, Ngrok,
Forwarding Cloudflare Ngrok, Serveo.net
Zphisher is an effective open-source phishing tool. This tool Options Cloudflare
allows you to engage in phishing (in a wide area network). Attack Time 64 seconds 26 seconds 40 seconds
This tool can obtain credentials like a user id and password. It Templates 65 34 3
provides phishing templates of web pages for 18 well-known Usage Easy Easy and Easy
websites, including Facebook, Instagram, Google, Snapchat, User-
friendly
Microsoft, and others. The Zphisher phishing tool has a total
Data Get an IP Get an IP Get an IP
of 34 templates of web applications that look mostly the same address and address with address with
as the original platforms. When the victim falls for the fake many other login cam shots
templates and gives their credentials, those are directly stored details, along credentials. (webcam
in the usernames.txt file. Zphisher also supports multiple with login access)
phishing attacks, including tab nabbing, credential harvesting, credentials.
and phishing over social media.
The financial institutions targeted 23.6 percent of all
3.3 CamPhish phishing attacks during the first quarter of 2022. Additionally,
webmail and web-based software services accounted for 20.5
CamPhish is a camera phishing toolkit and a method for percent of assaults, making them the two most often targeted
photographing the target’s front-facing phone camera or sectors for phishing during the reviewed quarter [26].
computer webcam. To create a URL one provides to the target,
CamPhish hosts a false website on an internal PHP server. If 70
the target agrees, the website requests their camera access, and
60
this tool then takes screenshots of the target’s gadget. The
CamPhish phishing tool has two port forwarding options, 50
Ngrok and Serveo.net. It generates a direct link the user sends 40
to the victim to access the victim’s webcam and get cam shots. 30
These pictures that are retrieved are stored in the CamPhish
20
folder directly.
Cybercriminals often use the tools stated above for illegal 10
activities, which can result in serious data loss. These tools are 0
created to carry out phishing attacks. It’s crucial to stay alert Time
and take precautions to protect your online accounts and
confidential information. PyPhisher Zphisher CamPhish

Figure 1. Time analysis of tools (in seconds)

4. RESULT ANALYSIS
As shown in Figure 1, Zphisher is the fastest phishing tool
The current section discusses the result analysis. As shown
and does an attack in 26 seconds. Followed by the CamPhish
in Table 1, the PyPhisher and Zphisher phishing tools are only
phishing tool, which does the attack in 40 seconds.
tested on Linux and Android. At the same time, the CamPhish
tool is tested on Linux, Mac, and Android.
5. PREVENTION METHODS AND
Table 1. Platforms with tested tools
COUNTERMEASURES
Phishing tools PyPhisher Zphisher CamPhish
Even though there are many prevention strategies, the first
Linux Yes Yes Yes
Mac Yes main measure and approach are to improve awareness of
Windows phishing. Hackers can easily fool people and make them
Android Yes Yes Yes victims of this attack at ease. Therefore, all individual users

335
and workers must know about dealing with and identifying 3) Remedial strategies that can bring down the
these suspicious emails and report them immediately to their compromised site, by mentioning the site’s Web
specific authorities. Thousands of people log into their social access Supplier (ISP) to close the fake site to keep
media handles every day. Phishing in this sector has become additional clients from falling casualties to phishing
very popular and proved to be one of the favourite mediums to [30]. ISPs are liable for bringing down counterfeit
trap its victims. Whatever it may be, some countermeasures sites. Eliminating the split between the difference and
are mentioned as follows. unlawful sites is a perplexing cycle; numerous
• Installing anti-virus or anti-spam software can help substances are engaged in this interaction, from
detect and prevent any unauthorized access. We need privately owned businesses, self-administrative
to keep it up to date for it to function properly. bodies, government offices, volunteer associations,
• Usage of a unique password for each account must be policing, and specialist organizations. As indicated
introduced. by the PHISHLABS report and a study, bringing
• Social media must never be trusted because our down phishing locales is useful, yet it isn’t
credentials and personal information are sometimes compelling as these destinations can, in any case, be
asked for through forms. Sharing all this sensitive alive for a long time, ISPs can reduce the number of
information must always be avoided. phishing emails that reach users by up to 90 percent.

5.1 Countermeasures – An investigation 5.2 Recent threat of Phishing attacks

The technical measures by various authors are investigated Phishing attacks are common these days and are becoming
as follows. worse over the years rather than completely disappearing.
Even though some security applications offer the slightest
1) Procedures to distinguish the assault after it has been defences against these small phishing attacks, the tools
sent off. For example, by checking the web to track provided over here are not 100%, and there is a broad chance
down illegal websites. For instance, content-based that many unwanted websites or fraud messages pave their
phishing identification approaches are intensely sent way through. The real-life examples of phishing attacks are as
on the web. The highlights from the site components follows.
like the picture, URL, and text content are dissected • Crelan Bank: In this bank, the attacker sent mail to
by Rule-based approaches and AI/ML that analyze one of the employees acting as CEO, asking the employee
the presence of exceptional characters (@), Domain to transfer the funds into the account the attacker controls.
IP addresses, and much more [27]. Fuzzy Logic has Thinking that the CEO had sent the mail, the employee
additionally been utilized as an enemy of the phishing transferred huge funds to the attacker’s account. This
model to assist with grouping sites into authentic or attack happened because of faulty authentication on the
‘phishy’ as this model takes care of intervals rather domain server side. It led to a huge loss of over 75.6
than explicit numeric qualities/values [28] The major million dollars. This attack consists of a simple spear-
benefit of fuzzy logic techniques is the ability to phishing email sent to a senior executive of the company,
relate the likelihood of phishing emails and websites a member of the financial team, or even a random
by using linguistic variables to reflect important employee. There have also been occasions where the
phishing characteristics or signs. This model was sender attempted to pass themselves off as a business
created and put into use utilizing the incircle fuzzy associate or even a representative of the organization,
rule interpolation technique. requesting money be transferred to a certain account to
2) Ways to prevent the attack from going towards a complete a pressing business transaction. To trick upset
user’s system. Phishing counteraction is a significant employees into transferring the money without first
stage to safeguard against phishing by obstructing a double-checking with someone from within the company,
client from seeing and managing the assault. In email the hacker utilized real graphics and a fake domain name.
phishing, against spam, programming devices can • Facebook and Google: Between 2013 and 2015, they
obstruct dubious messages. Phishers typically send a used Quanta, the Taiwan-based company, as their vendor.
veritable clone email that hoodwinks the client to The attacker sent a series of fake invoices to both
open or snap on a connection. Some of these companies imitating Quanta, and both companies paid
messages pass the spam channel since phishers use (100 million dollars) as per the invoice. But later, the scam
incorrectly spelt words. Hence, methods that identify was identified, and companies acted against the attacker.
fake messages by checking the spelling and language Another recent incident that impacted a lot is the massive
structure revision are progressively utilized, so it can breach suffered by Uber. The popular ride-hailing company
keep the email from arriving at the client’s post box. Uber has faced an enormous data breach in which the company
According to the study [29], a new classification fell victim to a general Phishing scam where the attacker
algorithm is based on random forest. The developed fantasized about being someone associated with the company.
method id was PILFER (Phishing Identification by They then persuaded an employee with many login credentials
Learning on Features of Email Received). It can to get access to the company’s internal systems. The company
identify phishing emails depending on many features then lost their respect and reputation across the whole world.
like IP-based URLs, number of domains, dots, Thus, one phishing attack can cause great loss. This issue
unmatched URLs. According to a study, PILFER happened on 15 September 2022 and became a massive
detected 96 percent of phishing emails correctly, with phishing attack. On 15 September 2022, Uber’s internal
a false-positive rate of 0.1 percent. This intends to systems were completely compromised. The attacker figured
achieve an overall accuracy of 99.5 percent. out how to hack the organization’s hacker one account, then

336
accessed a Leeway account which gave access to the AWS
web administrations and even the GCP accounts. Hence, Uber
is still investigating the incident; most internal systems were
temporarily disabled due to the hack/ phishing attack. On 15
September 2022, an 18-year-old learned to hack Uber through
phishing. He (the hacker) had a small blueprint of the
organization’s inward frameworks and initiated some social
strategies to compromise a worker’s account. After earning the
account credentials, he gained access to the company’s
internal databases and obtained full control over the
company’s Amazon Web Services and even the Google Cloud
Accounts. An official tweet circulated during the incident is Figure 2. An official tweet
shown in Figure 2.

Figure 3. Process flow diagram

Figure 4. Possible prevention for the UBER attack flow diagram

337
 Firstly, the hacker might have done a brief information information.
search on the victim, which means that he underwent the foot- • Lack of multi-factor authentication: A security feature
printing phase and purchased highly sensitive information like known as multi-factor authentication asks users to
username, address and phone number from an online source provide a second piece of information besides their
named DARK WEB, as shown in Figure 3. Almost all password, such as a code delivered to their phone.
sensitive information of many organizations and people is Multi-factor authentication may not have been in use at
available for a certain amount of money. This being a crucial UBER at the time of the attack, making it simpler for
step, the whole process completely depends upon this. If that the attackers to access employee accounts.
information is proven wrong, the hacker fails to proceed
further. He then immediately imposed a social engineering 5.3 Other countermeasures
assault on his victim. Eventually, the victim’s trust was gained
and gave him a positive result as the victim finally fell into his The other countermeasures are discussed as follows.
trap. All other information related to the company was spilt 1) Like the security key method, there must be a limit to
out, and the hacker finally gained access to the company’s the number of verified devices. Only the devices
database, restricted portals, and internal networks by scanning. assigned permission can access the account and its
NMAP, Nexpose, and Wireshark might have been used to required sensitive information when there is a limit
detect input-output packets, open ports, private and restricted for the number of devices. By this, if a third-party
ports, Ip addresses and much more. Login credentials of the member tries to access it, he/she would be restricted.
Uber admin were given out, parallelly giving access to its If they want to access it, they would only do so
Thycotic PAM, where the company stores all its passwords in through the assigned devices, which are highly
an encrypted form and helps manage their privileges. Thycotic secured and encrypted. This method may not be
PAM is like a key for hackers to access the whole company. optimal in all situations, but it proves secure.
As he had the admin’s credentials, he could break into it easily. 2) The company must ensure that all its employees or
Finally, he got access to all other services like Slack, AWS and admins undergo strict training, so they won’t fall for
much more. all the silly tricks the hacker imposes. In contrast to
Whenever the hacker sends a phishing email/message to this issue, the company’s admin unknowingly fell
anyone, there is a high probability that they fall into the hands into the trap of a teen. They must be given at least
of the hacker. The possible prevention for the UBER attack four to six months of training before their joining date
flow diagram is shown in Figure 4. Similarly, the admin first to prevent these small mistakes.
sent this and spammed it with many messages to gain trust. 3) Setting a limit to the number of notifications on every
There are many ways to prevent this from occurring. Some of admin’s device is also a major factor. When an
the effective methods include as follows. employee or admin is targeted under social
• Using a hardware device as a security key: when the engineering hack, the hacker continuously troubles
admin/employee gets a phished email or suspicious and threatens that person. When some emails or
message from a third person, it’s better not to respond. notifications are received, the admin (victim)
If he/she decides to access that email or link, they eventually stops getting those threatening
could use a hardware security key, typically a USB. notifications for some time. The company can take
That device could be inserted in the admin’s system; this issue immediately after that shoot; on the other
it then uses a random encryption/ security algorithm hand, the admin would also change his mind and
and makes it safe for the system to be accessed/ thoughts about those notifications.
hacked; it might also help detect suspicious emails. It The company can provide an encrypted device to all its
restricts the third person from hacking. employees/admins, which generates passwords. Of this, the
• Anti-Phishing Tools: This is one of the most revised hacker needs to hack repeatedly to get the correct credentials
and traditional methods of detecting spam, suspicious or information.
email, and messages. These tools are embedded into
the system to recognize unwanted emails and prevent 5.4 Measures and suggestions to avoid and reduce phishing
the user/admin from clicking them. and network security
• Using alert/notification software: an alert system is
embedded. It ensures the system receives the 1) Implement email authentication: Implement email
message from the company’s network domain. All authentication protocols such as DKIM, SPF, and
the users and officials of the company always DMARC to prevent email spoofing and increase
communicate through a separate network domain. It email security.
keeps the admin on the right path. The admin gets an DomainKeys Identified Mail (DKIM): DKIM is an email
alert of the whole message and judges it based on authentication protocol that verifies the authenticity of an
location. email message by attaching a digital signature to the email
The success of phishing attacks can be summarized as header. The signature is created using the sender’s private key
follows. and is validated by the recipient’s email server using the
• Techniques used in social engineering: Phishing sender’s public key.
attacks frequently use social engineering techniques to Sender Policy Framework (SPF): SPF is an email
deceive people into disclosing sensitive information. In authentication protocol that verifies that an email message was
the case of the UBER attack, the attackers most likely sent from an authorized IP address associated with the sender’s
used a convincing email or website that gave the domain. SPF records are published in the sender’s DNS
impression it belonged to a respectable organization to records and specify which IP addresses are authorized to send
fool UBER personnel into providing their login emails on behalf of the domain.

338
 Domain-based Message Authentication, Reporting, and Springer Singapore, pp. 211-220.
Conformance (DMARC): DMARC is an email https://doi.org/10.1007/978-981-15-5558-9_21
authentication protocol that builds on DKIM and SPF to [3] Alkhalil, Z., Hewage, C., Nawaf, L., Khan, I. (2021).
provide additional security measures. DMARC enables Phishing attacks: A recent comprehensive study and a
email receivers to determine the authenticity of an email new anatomy. Frontiers in Computer Science, 3: 563060.
message by verifying that it passes both DKIM and SPF https://doi.org/10.3389/fcomp.2021.563060
checks. DMARC also provides guidelines for handling [4] Meena, K., Kanti, T. (2014). A review of exposure and
messages that fail authentication checks, such as avoidance techniques for phishing attack. International
quarantining or rejecting them. Journal of Computer Applications, 107(5): 27-31.
2) Web Filtering: Implementing web filtering tools can [5] Akinyelu, A.A., Adewumi, A.O. (2014). Classification
help to prevent employees from accessing known of phishing email using random forest machine learning
phishing websites and block malicious content from technique. Journal of Applied Mathematics, 2014:
being downloaded onto the network. 425731. https://doi.org/10.1155/2014/425731
3) Conduct regular security audits: By conducting [6] Khonji, M., Iraqi, Y., Jones, A. (2013). Phishing
regular security audits, organizations can identify and detection: A literature survey. IEEE Communications
address vulnerabilities and weaknesses in their IT Surveys & Tutorials, 15(4): 2091-2121.
infrastructure, policies, and procedures and improve https://doi.org/10.1109/SURV.2013.032213.00009
their overall security posture. This can help to reduce [7] Patil, P., Devale, P. (2016). A literature survey of
the risk of security breaches and other cyber threats phishing attack technique. International Journal of
and increase confidence in the organization’s ability Advanced Research in Computer and Communication
to protect sensitive data and assets. Engineering, 5(4): 2091-2121.
[8] Shaikh, A.N., Shabut, A.M., Hossain, M.A. (2016). A
literature review on phishing crime, prevention review
6. CONCLUSIONS and investigation of gaps. In 2016 10th International
Conference on Software, Knowledge, Information
There are various solutions/preventions available, but Management & Applications (SKIMA), Chengdu, China,
whenever any solution is proposed to overcome these attacks, pp. 9-15. https://doi.org/10.1109/SKIMA.2016.7916190
phishers always come with the vulnerabilities of the solution [9] Purkait, S. (2012). Phishing counter measures and their
to make the attack successful. All these phishers made sure effectiveness–literature review. Information
that they used communication media to perform all the Management & Computer Security, 20(5): 382-420.
restricted activities using fake web pages and spoofed emails. https://doi.org/10.1108/09685221211286548
But the average user who falls prey to phishing suffers a [10] Chen, J., Guo, C. (2006). Online detection and
terrible loss since they are unaware that their personal prevention of phishing attacks. In 2006 First
information is being used against them for fraud or even that International Conference on Communications and
their bank accounts are being raided without their knowledge. Networking in China, Beijing, China, pp. 1-7.
So, it becomes crucial to confirm that users have received the https://doi.org/10.1109/CHINACOM.2006.344718
essential instruction and information on the dangers of [11] Chiew, K.L., Yong, K.S.C., Tan, C.L. (2018). A survey
compromised authentication due to phishing scams or poor of phishing attacks: Their types, vectors and technical
passwords. It not only destroys one’s identity, and it never approaches. Expert Systems with Applications, 106: 1-
misses to create a bad impression on e-commerce, which is 20. https://doi.org/10.1016/j.eswa.2018.03.050
very much necessary in this present era of the internet. Of the [12] Nakkeeran, M., Mathi, S. (2021). A generalized
constantly changing international requirements, organizations comprehensive security architecture framework for IoT
must implement efficient security safeguards. By all means applications against cyber-attacks. In Artificial
feasible, they must ensure the prevention of faulty Intelligence and Technologies: Select Proceedings of
authentication. In the modern-day, cybersecurity is a major ICRTAC-AIT 2020, Singapore: Springer Singapore, pp.
worry. There is also a comparison between various phishing 455-471. https://doi.org/10.1007/978-981-16-6448-9_46
tools to ensure that even people apart from experts can be [13] Mishra, A.K., Tripathy, A.K., Swain, S. (2018). Analysis
aware of what a phishing attack is and take some measures to and Prevention of Phishing Attacks in Cyber Space. In
prevent themselves from it. 2018 First International Conference on Secure Cyber
Computing and Communication (ICSCCC), Jalandhar,
India, pp. 430-434.
REFERENCES https://doi.org/10.1109/ICSCCC.2018.8703343
[14] Baykara, M., Gürel, Z.Z. (2018). Detection of phishing
[1] Sharma, H., Meenakshi, E., Bhatia, S.K. (2017). A attacks. In 2018 6th International Symposium on Digital
comparative analysis and awareness survey of phishing Forensic and Security (ISDFS), Antalya, Turkey, pp. 1-
detection tools. In 2017 2nd IEEE International 5. https://doi.org/10.1109/ISDFS.2018.8355389
Conference on Recent Trends in Electronics, Information [15] Zhang, X., Shi, D., Zhang, H., Liu, W., Li, R. (2018).
& Communication Technology (RTEICT), Bangalore, Efficient detection of phishing attacks with hybrid neural
India, pp. 1437-1442. networks. In 2018 IEEE 18th International Conference
https://doi.org/10.1109/RTEICT.2017.8256835 on Communication Technology (ICCT), Chongqing,
[2] Mathi, S., Srikanth, L. (2020). A new method for China, pp. 844-848.
preventing man-in-the-middle attack in IPv6 network https://doi.org/10.1109/ICCT.2018.8600018
mobility. In Advances in Electrical and Computer [16] Sahoo, P.K. (2018). Data mining a way to solve Phishing
Technologies: Select Proceedings of ICAECT 2019, Attacks. In 2018 International Conference on Current

339
 Trends towards Converging Technologies (ICCTCT), [23] Salloum, S., Gaber, T., Vadera, S., Sharan, K. (2022). A
Coimbatore, India, pp. 1-5. systematic literature review on phishing email detection
https://doi.org/10.1109/ICCTCT.2018.8550910 using natural language processing techniques. IEEE
[17] Taraka Rama Mokshagna Teja, M., Praveen, K. (2022). Access, 10: 65703-65727.
Prevention of phishing attacks using QR code safe https://doi.org/10.1109/ACCESS.2022.3183083
authentication. In Inventive Computation and [24] Husák, M., Komárková, J., Bou-Harb, E., Čeleda, P.
Information Technologies: Proceedings of ICICIT 2021, (2018). Survey of attack projection, prediction, and
Singapore: Springer Nature Singapore, pp. 361-372. forecasting in cyber security. IEEE Communications
https://doi.org/10.1007/978-981-16-6723-7_27 Surveys & Tutorials, 21(1): 640-660.
[18] Athulya, A.A., Praveen, K. (2020). Towards the https://doi.org/10.1109/COMST.2018.2871866
detection of phishing attacks. In 2020 4th international [25] Deep, V., Sharma, P. (2018). Analysis and Impact of
conference on trends in electronics and informatics Cyber Security Threats in India using Mazarbot Case
(ICOEI)(48184), Tirunelveli, India, pp. 337-343. Study. In 2018 International Conference on
https://doi.org/10.1109/ICOEI48184.2020.9142967 Computational Techniques, Electronics and Mechanical
[19] Kovalluri, S.S., Ashok, A., Singanamala, H. (2018). Systems (CTEMS), Belgaum, India, pp. 499-503.
LSTM based self-defending AI chatbot providing anti- https://doi.org/10.1109/CTEMS.2018.8769140
phishing. In Proceedings of the First Workshop on [26] https://www.statista.com/statistics/266161/websites-
Radical and Experiential Security, pp. 49-56. most-affected-by-phishing/, accessed on Oct 2021.
https://doi.org/10.1145/3203422.3203431 [27] Jeeva, S.C., Rajsingh, E.B. (2016). Intelligent phishing
[20] Vazhayil, A., Vinayakumar, R., Soman, K.P. (2018). URL detection using association rule mining. Human-
Comparative study of the detection of malicious URLs centric Computing and Information Sciences, 6(1): 1-19.
using shallow and deep networks. In 2018 9th https://doi.org/10.1186/s13673-016-0064-3
International Conference on Computing, [28] Aburrous, M., Hossain, M.A., Thabatah, F., Dahal, K.
Communication and Networking Technologies (2008). Intelligent phishing website detection system
(ICCCNT), Bengaluru, India, pp. 1-6. using fuzzy techniques. In 2008 3rd International
https://doi.org/10.1109/ICCCNT.2018.8494159 Conference on Information and Communication
[21] Ulz, T., Pieber, T., Steger, C., Holler, A., Haas, S., Technologies: From Theory to Applicationsm,
Matischek, R. (2018). Automated Authentication Damascus, Syria, pp. 1-6.
Credential Derivation for the Secured Configuration of https://doi.org/10.1109/ICTTA.2008.4530019
IoT Devices. In 2018 IEEE 13th International [29] Fette, I., Sadeh, N., Tomasic, A. (2007). Learning to
Symposium on Industrial Embedded Systems (SIES), detect phishing emails. In Proceedings of the 16th
Graz, Austria, pp. 1-8. international conference on World Wide Web (pp. 649-
https://doi.org/10.1109/SIES.2018.8442106 656). https://doi.org/10.1145/1242572.1242660
[22] Kuppuswamy, P., Banu, R., Rekha, N. (2017). [30] Moore, T., Clayton, R. (2007). Examining the impact of
Preventing and securing data from cyber crime using new website take-down on phishing. In Proceedings of the
authentication method based on block cipher scheme. In anti-Phishing Working Groups 2nd Annual eCrime
2017 2nd International Conference on Anti-Cyber Researchers Summit, pp. 1-13.
Crimes (ICACC), Abha, Saudi Arabia, pp. 113-117. https://doi.org/10.1145/1299015.1299016
https://doi.org/10.1109/Anti-Cybercrime.2017.7905274

340