International Conference on Digital Transformation and Applications (ICDXA) 2020

Phishing Security: Attack, Detection, and Prevention Mechanisms

Wei Heng Lim1, Weng Foong Liew2, Chun Yew Lum3 and Seah Fang Lee4
Faculty of Computing and Information Technology,
Tunku Abdul Rahman University College
Kuala Lumpur, Malaysia
1
limwh-pm17@student.tarc.edu.my
2
liewwf-pm17@student.tarc.edu.my
3
lumcy-pm17@student.tarc.edu.my
4
leeseahfang@tarc.edu.my

ABSTRACT. While the Internet technologies have
been developed over the decades, a significant issue
has been coming along with it, the cybercrime.
Cybercrime consists of various types of cyberattacks
which could bring mild to serious adverse effects to
individuals or organizations’ operations. Among those
cybercrime attacks, phishing is one of the common
mechanisms used. The phishing attack could target on
any of the electronic communication users. The paper
provides an overview insight on the phishing security
concepts, ranging from various types of phishing
attack techniques, phishing detection mechanism to
prevention approaches. Comparison were included for
each of the phishing aspects.
KEYWORDS: Phishing attack, phishing detection,
phishing prevention, phishing security
1 INTRODUCTION
In traditional phishing, various channels are used
by criminals to either trick the victim directly by
using a scam or deliver payload indirectly with
the goal to obtain confidential or personal
information from the victim (Ollmann, 2008). In
a direct mechanism, the criminal may send
spoofed email messages, mimicking an auction,
payment sites, online bank, etc. to lead victims to
a fraudulent designed web page which looks like
the login page of the genuine site for getting the
users’ sensitive information. (Aleroud & Zhou,
2017; Hong, 2012). On the contrary, in an indirect
manner, a Trojan horse program could be
installed in the victim’s computer to enable the
criminal to use the computer as a message
propagator without the victim’s consent
(Ollmann, 2008).

Phishing has been bedevilled the Internet world 2 RELATED WORK

for over two decades, beginning from 1995 with
America Online (AOL) (Chiew, Yong, & Tan,
2018). The “phishing” is originated from the term
“fishing” where the operation of phishing is
similar to fishing in the following way: the
attacker ‘lures’ the victim by using a “bait” and
“fishes” to obtain personal or confidential
information of the victim (Chiew et al., 2018).
Phishing is a type of cyberattack in which social
engineering techniques are exploited by the
attacker to perform identity theft (Aleroud &
Zhou, 2017). The attacker who conducts the
phishing attack is commonly known as a
‘phisher’ (Ollmann, 2008). The aim of phishing
is to collect confidential and sensitive
information such as usernames, passwords, credit
card numbers and even moneys from the victims
(Aleroud & Zhou, 2017).
1
Ollmann (2008) stated phishing is not merely
obtaining user account details, but also included
stealing personal and financial data. In many
cases, phishers deploy social engineering factors
to mimic the valid authority in sending emails to
victims to surrender their confidential data.
Usually the phishing messages are delivered
through emails and spams. While others use web-
based approach which could be built by the
phisher or hosted as embedded content in a third
party web site. Ollmann suggested
countermeasures should be deployed into three
logical layers, which include from the client-side,
server-side, as well as enterprise. Nonetheless,
phishing detection mechanisms were not
discussed in the paper.
Generally the types of phishing attacks could be
categorized into: spear phishing, clone phishing,

ICDXA/2020/T3/03 ©ICDXA2020
 International Conference on Digital Transformation and Applications (ICDXA) 2020
whaling, phone phishing, Bioazih attack, Dyre
malware email, heart bleed phishing attack and
tabnabbing attacks as concluded by Lakhita,
Yadav, Bohra, & Pooja (2016).
Shaikh, A. N., Shabut, A. M., & Hossain, M. A.
(2016) provided a study on the anti-phishing
techniques which includes provide training to
users on phishing, detect phishing website based
on layout similarity, detect phishing email with
the use of hybrid features, detect phishing attack
by using neural network, neuro-fuzzy logic
approach, multi-tier phishing and filtering, data
mining, fuzzy data mining, computer vision
technique, and anti-phishing tools.
Similarly Suryavanshi, N. & Jain A.(2015)
discussed on various techniques used for phishing
attack detection and prevention, including list
based approach, ant colony optimization, phish
zoo, K-NearestNeighbor, information flow based
approaches, attribute based anti-phishing
techniques, etc.
Despite there are various discussions on the
phishing security, however there is lack of paper
which presenting an integrative study on the three
phishing aspects: phishing attack techniques,
detection mechanisms and prevention
approaches.
Due to page limit, the following sections discuss
on common mechanisms used in phishing attack,
detection and prevention.
123
3 PHISHING ATTACK
TECHNIQUES
3.1 Spear Phishing
123
Spear phishing is a type of phishing attack
technique that is customized and targeted at
specific individual, group or an organization
instead of spamming thousands of emails
randomly for the sake of collecting the
credentials of the users, or other sensitive and
confidential information (Aleroud & Zhou, 2017;
Bossetta, 2018; Chaudhary, 2014; Chaudhry,
Chaudhry, & Rittenhouse, 2016; Chiew et al.,
2018). Unlike other type of phishing attempts,
efforts to do research and understand a particular
organization’s context are required by the spear
phishers to create effective phishing emails in
spear phishing (Aleroud & Zhou, 2017).
ICDXA/2020/T3/03 ©ICDXA2020
In the effort of researching the targeted individual
or company, the attacker may conduct passive
reconnaissance by using Open Source
Intelligence (OSINT) such as browsing the
target’s social media profiles, the targeted
organization’s public website, registration
information from WHOIS databases, etc. Usually
this attack requires patient from the attacker in
gathering information and have a thorough
understand on the target. This is to ensure an
appropriate spear phishing email that customized
based on to the target’s background can be
generated and increase the success rate of attack.
123
3.2 HTTPS Phishing
123
HTTPS phishing is a type of phishing attack
technique that conform to security measures as a
legitimate HTTPS connection to trick users to
reveal their personal and confidential information
(Benitez-Mejia, Zacatenco-Santos, Toscano-
Medina, & Sánchez-Pérez, 2017). In HTTPS
phishing, a fake Certificate Authority (CA) has
been created to issue and sign web certificates for
the counterfeit web server. The intention is to
steal the credentials of victims since most of the
people would think that the data transferred in
HTTPS are safe. They tend to trust the web
application shown with a padlock in the web
browser’s address bar, as this indicates the
website is legitimate and has been certified by CA
(Benitez-Mejia, Zacatenco-Santos, Toscano-
Medina, & Sánchez-Pérez, 2017; Callegati,
Cerroni, & Ramilli, 2009).
In order to conduct a successful HTTPS phishing
attack, the attacker has to ensure the design of the
fake website which the victim will be redirected
to is looked similar to the legitimate website. This
is to reduce the suspicion from the target. Similar
technique has been applied to the URL of the fake
website as well. In addition, a fake web server’s
IP address could be added into the target’s host
file so that the computer is able to resolve the
URL of the website by directing to the actual IP
address of the fake website (Benitez-Mejia,
Zacatenco-Santos, Toscano-Medina, & Sánchez-
Pérez, 2017). For instance, given a sample of IP
address: 69.64.176.13. Assume this is the IP
address of a fake Facebook website. If the IP has
been added into the host file with the domain
 International Conference on Digital Transformation and Applications (ICDXA) 2020
name of www.facebook.com. Whenever the user
is accessing www.facebook.com, the computer
will resolve the URL into 69.64.176.13 instead of
the actual IP address of the legitimate Facebook
website. When the user entered his or her login
credentials into the fake website, the login
credential will then be stolen by the attacker.
123
3.3 Man in the Middle (MITM) Attack
123
MITM attack is a phishing attack technique in
which the phisher is positioned in the middle of
the victim and the legitimate website to
eavesdrop or intercept the messages transferred
between the victim and the website. This is done
by creating SSL connections among the victim
attacker, and server (Aleroud & Zhou, 2017;
Banu & Banu, 2013; Chiew et al., 2018; Ollmann,
2008). MITM attack can be performed by using
transparent proxy. A transparent proxy is
different from a traditional one, whereby it is
placed on the same segment of a network or
situated on a route to the real server, allowing all
data to be intercepted before routing it to the
destination server (Chiew et al., 2018; Ollmann,
2008). The advantage of using the transparent
proxy is that no configuration is needed on the
client side, thus the client will not be aware of the
existence of the proxy, believing that the data is
directed to its intended destination (Chiew, Yong,
& Tan, 2018).
123
3.4 Tabnabbing Attack
123
Tabnabbing attack is another type of phishing
attack founded in 2010 by a Mozilla developer
called Aza Raskin (Chiew et al., 2018; Lakhita et
al., 2016; Ryck, Nikiforakis, Desmet, & Joosen,
2013; Suri, Tomar, & Sahu, 2012). It is also
known as “tabjacking” or “tabnapping” which
derived from the words “tab” and “kidnapping”
of a tab in a browser (Suri et al., 2012). The
underlying concept of tabnabbing attack is that
the phisher hijacks or exploits the browser tab by
faking popular sites to convince the victims that
the sites are authentic so that they would provide
their login credentials and sensitive information
(Suri et al., 2012).
In tabnabbing attack, the victim will be tricked to
click on a URL which directed to a website
ICDXA/2020/T3/03 ©ICDXA2020
embedded with JavaScript in order to begin the
tabnabbing attack. When the victim clicked on
the link, the attacker will switch the victim to
other browser tabs for allowing the embedded
JavaScript to load a fake login web page. From
there the victim will be trapped in providing login
credentials to the attacker. However, tabnabbing
only workable if a victim opened multiple
browser tabs and does not pay attention on the
phishing website (Chiew, Yong, & Tan, 2018).
Usually the targeted victims are those busy
individuals such as students and employees, as
they tend to open multiple browser tabs to
perform multitasking.
123
3.5 Comparing Phishing Attack Techniques
123
Among the phishing attack techniques discussed,
man in the middle (MITM) attack is considered
as a dangerous attack. MITM attack could create
their own certificate by exploiting any HTTPS
and SSL-protected website, in which many of the
Internet users would trust on (Aleroud & Zhou,
2017). Moreover, MITM attack by using
transparent proxies which would force all the
HTTP and HTTPS traffic to pass through itself,
hence creating the chance for the phisher to
intercept the transmitted messages (Ollmann,
2008).
However, although the techniques used in the
MITM attack are similar with HTTPS phishing,
there is a significant difference between them,
The HTTPS involved additional requirement at
the client-side configuration, whereby the
addition or modification on IP address and
domain name in the victim’s computer host file is
required. The use of transparent proxies in MITM
does not require any configuration changes in the
client-side but HTTPS phishing does. Therefore,
the MITM phisher does not need to put in efforts
to trick the potential victims into changing the
required configuration in their computers, or even
takes the risk to access physically to their
computers to configure manually, which will be
time consuming and ineffective if the victim does
not take the bait.
Furthermore, there is another significant
difference which distinguish the MITM attack
from other phishing techniques in terms of danger
level, whereby MITM attack is not only able to
 International Conference on Digital Transformation and Applications (ICDXA) 2020
spy on the transmitted data through the
communication channel, but it also allows
unauthorized modification on the exchanged data
without the awareness from the two
communication parties (Attackieee et al., 2011).
Whereas for spear phishing, tabnabbing and
HTTPS phishing, phishers can only obtain the
victims’ credentials by leading the victims to a
web site under their control.
123
123
4 PHISHING DETECTION
MECHANISMS
123
4.1 Domain Name Based Features
123
To distinguish domain name based features
between legitimate and phishing websites, the
first criteria to be considered is domain length.
The domain name chosen by the phishers for
phishing attack usually would be longer than the
legitimate website (Alexander, 2006). Similarly,
the URL of a phishing website would usually
longer than the legitimate website. Meanwhile,
HTTPS will also be presented in a phishing
website for the sake of deceiving the users to
believe that the website is a trustable and safe site.
Shirazi & Ray (2018) commented that the domain
name placed before or after the copyright logo
could be an excellent distinguisher towards
phishing detection. This could be done by taking
50 characters before and after the copyright,
including remove the white space. If the resulting
string does not contain the actual domain name,
suspicion could be raised on the legitimacy of the
website.
This phishing detection approach allows normal
users to detect the phishing websites manually
based on the specific characteristics. The
advantage of the approach is no automated tools
is required in order for a user to detect a phishing
website. Moreover, no technical knowledge or
procedure is required by the users to perform this
phishing attack detection approach. Users can
determine the legitimacy of the websites by
paying attention to the domain name, URL
length, the presence of HTTPS and the domain
name with copyright logo of the website.
123
4
ICDXA/2020/T3/03 ©ICDXA2020
4.2 Visual Website Similarity
123
This detection is comparing the visual similarity
between legitimate and fake websites. A detector
could be created to detect on similar phishing
websites’ screenshots compared to real websites.
In addition, the phishing website signature, its
colour, texture information, etc. could also be
compared. The finding result could then be used
to alert users on the possible phishing website and
the URL (Lux, 2008).
Visual similarity works well to detect phishing
websites in general (Lux, 2008). However, the
comparison time for both phishing websites and
legitimate websites may incur a longer time when
different image comparison methods are used in
the website detector. Hence, an optimal images
comparison method is needed in the website
detector in order to shorten the images
comparison time. This requires further evaluation
and development to achieve better efficiency in
terms of comparing the visual similarity between
a legitimate website and a phishing website.
123
4.3 Sender-Centric Approach
123
This approach is mainly used to detect phishing
emails that targeted on banks. The sender-centric
approach uses the two-step system which
concerns on separation of banking messages from
non-banking messages and a set of rules to
identify phishing emails. The Support Vector
Machine (SVM) based classifier is used to
separate real or phishing banking messages apart
from non-banking sourced messages. This is
done based on the format of message, number of
URLs and keywords of the email (Hsu & Lin,
2002).
After the messages have been separated, three
rules will be applied to the messages sequentially.
Firstly, a message will be checked whether it is
sent by an email account come from Public Email
Service Providers (ESPs) such as Yahoo! Mail,
Hotmail and Gmail, as most of the phishers will
use public ESP accounts to send phishing emails.
Then, the sender’s geographical location of the
message will be checked to identify whether the
location of the sending machine matched with the
location of the bank’s message claimed to be, at
the country level. Lastly, the sending machine
 International Conference on Digital Transformation and Applications (ICDXA) 2020
will be checked whether it is authorized from the
bank the message claimed to be (Hsu & Lin,
2002).
123
4.4 URL-Based Heuristic
123
The approach detects URL of phishing websites
by focusing on the URL features and URL
ranking since phishing websites could not use the
exact URL of the legitimate websites. This
involved the techniques of URL features
checking and calculation of heuristic values in
order to determine whether an URL is linked to a
phishing website or a legitimate website. The
algorithm needs an input of URL or hyperlink
such as www.abcd.com to perform the checking.
On top of checking the URL features based on
primary domain, sub domain and path domain,
the algorithm also considers the ranking of
domain such as PageRank, AlexaRank and
AlexaReputation in order to detect phishing
websites as the ranking of the phishing websites
usually are not high (Nguyen, To, Nguyen, &
Nguyen, 2014).
123
4.5 Comparing Phishing Detection
Mechanism
123
The phishing mechanisms could be compared
based on two aspects, which are non-technical
and technical detection. Firstly, the domain name
based features could be considered as one of the
common mechanisms used by online users who
possess little computing knowledge to detect the
phishing attack. The technique does not require
any algorithms in the process of differentiating
the real and phishing website. Instead users just
required to pay attention on the domain length,
URL length, frequency of domain name, HTTPS
present and domain name with logo to identify
the legitimacy of a phishing site.
Secondly, in terms of technical detection, Sender-
Centric approach is considered as one of the
effective detection mechanisms in detecting the
phishing attack. Compared to domain name based
features, the Sender-Centric involved more
processes in email verification. An email has to
passed through three verification rules in order to
confirm whether it is sent from a legitimate site.
If the email cannot pass through any of the rules,
5
ICDXA/2020/T3/03 ©ICDXA2020
the email will be considered as a phishing email.
Hence organizations could consider to include the
sender-centric mechanism to enhance an
organization’s email security level.
123
123
5 PHISHING PREVENTION
MECHANISMS
123
5.1 Anti-phishing Tools
123
A commonly used anti-phishing tool is an anti-
phishing toolbar, which usually presented in the
form of browser’s plug-in extension. An example
of anti-phishing toolbar is eBay toolbar. To assist
a user to differentiate between a legitimate and
suspicious web page, the toolbar could
automatically keep track of every sites that
customers visited and show unreadable
destination message when a user has entered a
suspicious URL. SpoofGuard is another anti-
phishing tools which examines the authenticity of
a webpage by calculating the possibility of attack
rate using an algorithm and would generate a
warning message to the user if detected a web
page with high probability of being a spoof
(Suryavanshi, Shabut and Hossain, 2017).
123
5.2 List-Based Approaches
123
List-based approaches can be categorized into
two categories, which are blacklists and
whitelists. Both list approaches are the prominent
list-based approaches used to prevent phishing
attack nowadays. Blacklists consist of a list of
previously detected phishing URLs, IP addresses
or keywords that are updated frequently to
prevent online users from accessing those web
sites. Whereas the concept of whitelists is
contrary to the blacklists. In whitelist approach, a
list of legitimate sites in which the transaction and
communication are secure is maintained, guiding
users accessing to those legitimate web sites
(Abdul, Orunsolu, 2015).
123
5.3 User Education
123
User education is essential in preventing the
phishing attack. Victims were fell into a phishing
attack mainly due to lacking of knowledge on
 International Conference on Digital Transformation and Applications (ICDXA) 2020
phishing attack. Users are unable to differentiate
between legitimate and phishing emails or
websites. Supports are needed from the
government agencies as well as non-profits
organizations to promote education on the
knowledge of phishing attacks. Demonstration
such as the typical phishing attack techniques and
sharing of the tips with the users on ways to
prevent from falling in the phishing attack could
be performed (Huang, Tan and Liu, 2009).
User education is crucial to prevent phishing
attack as a typical phishing attack exploits the
vulnerabilities, especially the curiosity on human
by luring the victims with some interesting topics
such as unexpected prize, or a lottery attached
with malicious link which will direct the victims
to the phishing websites. If the victims are
equipped with the knowledge of phishing attack,
this will reduce the chances of falling into the
traps set by phishing attacks.
123
5.4 Two-Factor Authentication
123
Instead of providing only passwords that users
should always remember in order to authenticate
identities, two-factor authentication requires the
users to have the awareness on knowledge factors
and possession factors to prove their identity. The
knowledge factor is the information that a user
will know such as username and password
whereas the possession factor is an object that the
user owns, such as access card, key, one-time-
password (OTP) or authentication code.
For instance, to authenticate an identity, a user is
required to input the password, and an OTP sent
from SMS text message. This would prevent the
user’s account from being attacked as the attacker
who obtained user’s ID and password would fail
to proceed due to further authentication is
required. However, the approach is not very
secure as there is the possibilities a SMS text
message could be intercepted by a cybercriminal
and forwarded to another phone number (Purkait,
2012).
123
5.5 Comparing Phishing Prevention
Mechanism
123
In general, computer-based phishing prevention
approach is better than human-based as human
6
ICDXA/2020/T3/03 ©ICDXA2020
might make careless mistakes, such as
accidentally accessing to a phishing website
(Salahdine and Kaabouch, 2019). Furthermore,
most of the phishing websites could be filtered by
using computer-based prevention methods, in
which the human might not be able to do so as it
is difficult for human to memorize all phishing
websites.
Anti-phishing tool is one of the accessible
phishing prevention mechanisms for online users.
The tool is able to verify websites without
requires users to possess knowledge in anti-
phishing. It verifies the websites by referring to a
blacklist that listed the phishing URL. Most of the
phishing URL will be updated in the list and the
quantity of the blacklisted URL is high due to the
construction of paid experts who identify the
phishing sites and record the URL into the
blacklist. Furthermore, anti-phishing tools could
be implemented at different levels such as at
client-side, server-side or client-server side. In
the context of client-side, the anti-phishing tools
could be integrated with a web browser such as
Google Chrome and Mozilla Firefox to monitor
every activity performed by users and notify the
users if they are accessing phishing websites. In
server-side, phishing email filtering tools could
be implemented to the server to prevent phishing
attacks (Zeydan, Selamat and Salleh, 2015).
However, in case if none of the computer-based
phishing prevention method is available, the
human-based phishing prevention method will
then play an important role to prevent against
phishing attacks. As various phishing attacks are
designed based on social engineering factors,
educating users in phishing prevention will then
play an essential role.
123
6 CONCLUSION
Nowadays, phishing attack techniques have been
evolving and various types of harmful phishing
techniques which exploit based on the
vulnerabilities of both computer systems and
users have been created. Nonetheless, various
detection and prevention mechanisms have also
been designed to serve as countermeasures. The
paper provides an overview of study which
includes phishing attack techniques, detection
and prevention mechanisms. Comparisons were
 International Conference on Digital Transformation and Applications (ICDXA) 2020
included in each of the aspects. Although
software technologies could be used in
preventing phishing attacks, however the effects
could be increased if users are educated with the
phishing knowledge. Hence it would be essential
if users could be equipped with the knowledge of
phishing attack, detection and prevention
mechanisms in order to serve as a proactive
approach in counteract against the phishing
attacks.
7 ACKNOWLEDGEMENT
The authors would like to thank Tunku Abdul
Rahman University College for the given
supports.
REFERENCES
Abdul, Orunsolu. (2015) 'An Updated
Perspective on Phishing Countermeasures
and Their Effectiveness'.
Aleroud, A. and Zhou, L. (2017) ‘Phishing
Environments, Techniques, and
Countermeasures: A Survey’, Computers and
Security. Elsevier Ltd, 68, pp. 160–196.
Alexander, T. (2006) ‘Domain Name Registrars:
Are They Part of the Domain Name Fraud
Problem?’ Proceedings of the 3rd Annual
Conference on Information Security
Curriculum Development (InfoSecCD 2006).
Kennesaw, Georgia, USA, 22–23 September.
pp. 113–117.
Attackieee, D. O. F. M., Salifu, N. B. Y. and
Science. (2011) ‘Detection of Man-in-the-
middle Attack in IEEE 802.11 Networks’,
Department Of Electrical and Electronic
Engineering, Master Degree thesis, Kwame
Nkrumah University Of Science And
Technology, viewed 25 July 2019,
<http://ir.knust.edu.gh/bitstream/123456789/
509/1/SALIFU%20%20ABDUL-
MUMIN.pdf>.
Banu, M. N. and Banu, S. M. (2013) ‘A
Comprehensive Study of Phishing Attacks’,
International Journal of Computer Science
and Information Technologies, 4(6), pp. 783–
786.
7
ICDXA/2020/T3/03 ©ICDXA2020
Benitez-Mejia, D. G. N. et al. (2017) ‘HTTPS: A
Phishing Attack in a Network’, Proceedings
of the 7th International Conference on
Information Communication and
Management. Moscow, Russian Federation,
28–30 August. pp. 24–27.
Bossetta, M. (2018) ‘The Weaponization of
Social Media: Spear Phishing and
Cyberattacks on Democracy’, Journal of
international affairs, 71(1.5), pp. 97–106.
Callegati, F., Cerroni, W. and Ramilli, M. (2009)
‘Man-in-the-middle Attack to the HTTPS
Protocol’, IEEE Security and Privacy, 7(1),
pp. 78–81.
Chaudhary, G. K. (2014) ‘Development Review
on Phishing : A Computer Security Threat’,
International Journal of Advance Research
in Computer Science and Management
Studies, 2(8), pp. 55–64.
Chaudhry, J. A., Chaudhry, S. A. and
Rittenhouse, R. G. (2016) ‘Phishing Attacks
and Defenses’, International Journal of
Security and its Applications, 10(1), pp. 247–
256.
Chiew, K. L., Yong, K. S. C. and Tan, C. L.
(2018) ‘A Survey Of Phishing Attacks: Their
Types, Vectors and Technical Approaches’,
Expert Systems with Applications, Elsevier
Ltd, 106, pp. 1–20.
Hong, J. (2012) ‘The State of Phishing Attacks’,
Communications of the ACM, 55(1), pp. 74–
81.
Hsu, C. W., & Lin, C. J. (2002) ‘A Comparison
of Methods for Multiclass Support Vector
Machines’, IEEE Transactions on Neural
Networks, 13(2), pp. 415–425.
Huang, H., Tan, J., & Liu, L. (2009)
‘Countermeasure Techniques for Deceptive
Phishing Attack’, 2009 International
Conference on New Trends in Information
and Service Science. Beijing, China, 30
June–2 July. pp. 636–641.
Lakhita et al. (2016) ‘A Review on Recent
Phishing Attacks in Internet’, Proceedings of
the 2015 International Conference on Green
Computing and Internet of Things (ICGCIoT
2015). Noida, India, 8–10 October. IEEE, pp.
1312–1315.
Lux, M. (2008) ‘Using Visual Website Similarity
for Phishing Detection and Reporting’, CHI
'12 Extended Abstracts on Human Factors in
 International Conference on Digital Transformation and Applications (ICDXA) 2020

Computing Systems. Austin, Texas, USA, 5– Zeydan, H. Z., Selamat, A., & Salleh, M. (2015)
10 May. pp. 1625–1630. ‘Survey of Anti-Phishing Tools with
Nguyen, L. A. T., To, B. L., Nguyen, H. K., & Detection Capabilities’, 2014 International
Nguyen, M. H. (2014) ‘A Novel Approach Symposium on Biometrics and Security
for Phishing Detection Using URL-Based Technologies (ISBAST). Kuala Lumpur,
Heuristic’, 2014 International Conference on Malaysia, 26–27 August. pp. 214–219.
Computing, Management and
Telecommunications (ComManTel 2014). Da
Nang, Vietnam, 27–29 April. pp. 298–303.
Ollmann, G. (2008) ‘The Phishing Guide:
Understanding and Prevent Phishing
Attacks’, Security, pp. 1–42.
Purkait, S. (2012) ‘Phishing counter measures
and their effectiveness - literature review’,
Information Management & Computer
Security, 20(5), pp. 382 – 420.
Ryck, P. De et al. (2013) ‘TabShots : Client-Side
Detection of Tabnabbing Attacks’,
Proceedings of the 8th ACM SIGSAC
symposium on Information, computer and
communications security. Hangzhou, China,
8–10 May. pp. 447–455, doi:
10.1145/2484313.2484371.
Salahdine, F., & Kaabouch, N. (2019) ‘Social
Engineering Attacks: A Survey’, Future
Internet, pp. 1–42.
Shaikh, A. N., Shabut, A. M., & Hossain, M. A.
(2016) ‘A Literature Review on Phishing
Crime, Prevention Review and Investigation
of Gaps’, 2016 10th International
Conference on Software, Knowledge,
Information Management & Applications
(SKIMA). Chengdu, China, 15–17 December.
pp. 9–15.
Shirazi, H., Bezawada, B., & Ray, I. (2018)
‘"Kn0w Thy Doma1n Name": Unbiased
Phishing Detection Using Domain Name
Based Features’, Proceedings of the 23nd
ACM on Symposium on Access Control
Models and Technologies. Indianapolis,
Indiana, USA, 13–15 June. pp. 69–75.
Suryavanshi, N., Pradesh, M., Jain, A., &
Pradesh, M. (2015) ‘A Review of Various
Techniques forDetection and Prevention for
Phishing Attack’, International Journal of
Advanced Computer Technology (IJACT).
pp. 143–147
Suri, R. K., Tomar, D. S. and Sahu, D. R. (2012)
‘An Approach to Perceive Tabnabbing
Attack’, International Journal Of Scientific
& Technology Research, 1(6), pp. 90–94.
8

ICDXA/2020/T3/03 ©ICDXA2020