Topic of interest: The internet is an essential communication tool. People use the internet to carry out a variety of transactions, including the buying and selling of products, banking, and even voting in social and political elections. In any transaction, the parties never need to meet, and the buyer may occasionally be dealing with a fraudulent company that doesn't exist. Therefore, security is not only necessary but crucial for conducting business online. Internet connectivity puts all security-critical applications, such as login pages for online banking, at risk of fraud. So-called phishing websites pose a common risk to consumers of online banking and e-commerce, and they have grown to be a serious security concern. Phishing is a form of electronic identity theft in which a combination of social engineering and website spoofing techniques is used to trick a user into revealing confidential information with economic value. The emails and websites that appear to be from a legitimate organization are known as phishing emails and phishing websites, respectively. Phishing scams try to deceive users into divulging their private information in order to gain access to their accounts. They employ websites that resemble those of trustworthy companies and take advantage of the end user's limited knowledge of web browsing and security indicators.
Although ongoing security awareness training is essential for avoiding and mitigating phishing attacks, effective anti-phishing techniques that prevent users from being exposed to the attack are an important step in mitigating these attacks. Anti-phishing protection refers to the security measures that individuals and organizations can implement to either prevent or mitigate the impact of a successful phishing attack. Certain anti-phishing protection may prevent phishing emails from ever entering a company's email system. Other anti-phishing protection measures can prevent users from clicking on potentially dangerous links and attachments within an email.
Anti-phishing awareness training can also protect users by teaching them how to identify phishing attacks. Anti-phishing technology employs a variety of techniques to detect and block phishing emails. Certain anti-phishing solutions scan the content of inbound and internal emails for any language that could indicate a phishing or impersonation attack. Other anti-phishing technology scans email links and attachments and prevents users from accessing them if they are deemed suspicious.
Problem statement: Phishing attacks are attempts to gain confidential financial information from online consumers by using fake websites that look like the real thing. Social engineering tactics are typically used in phishing attempts to drive consumers to the malicious website [3]. Users are specifically instructed, in an email from what appear to be reliable sources, to change their login details by clicking or following a hyperlink [4]. Spear phishing, a targeted attack in which emails are sent to company employees in an effort to gain access to a company's computer system, and whaling, which targets senior corporate leaders, are two examples of phishing strategies [5]. Unfortunately, phishing's effects are fatal because those who are affected become open to identity theft and data breaches and lose faith in online transactions and electronic banking [6]. Users and enterprises are continually adopting updated anti-phishing technologies to reduce phishing attempts and safeguard themselves from any potential unwanted effects. This is significant because phishing tactics are always evolving, and new tricks are continually being developed. Since they operate automatically and have the ability to reveal hidden information that online users are unaware of, anti-phishing solutions using machine learning have proven to be more useful and effective in undermining phishing. Combining this machine learning with human wisdom can produce a powerful defense against phishing for.
There have been few previous reviews on phishing, such as Suganya [10], Mohammad et al. [11,12], Sahu and Dubey [13], Almomani et al. [14] and Basnet et al. [15], among others. By evaluating approaches like Bag of Words, frequency analysis, blacklists, support vector machines, and other artificial intelligence search methods, most authors have narrowed their attention to technical solutions for identifying phishing emails. There is not much discussion about non-technical solutions. To demonstrate the effectiveness of several machine learning techniques against email phishing, the authors also presented numerous research findings in a table format. However, it is hard to generalize such performance since these results have been derived from datasets with different characteristics. Most phishing reviews have partly covered one or more aspects of phishing. For instance, Suganya [10] and Sahu and Dubey [13] briefly reviewed phishing attacks without showing the ways to combat them or their pros and cons. Mohammad et al. [11,12] discussed common solutions to website phishing in general, without providing grounds for recommendations and without covering specific intelligent approaches. Almomani et al. [14] reviewed intelligent solutions to detect phishing emails. Lastly, Basnet et al. [15] compared only a few intelligent anti-phishing solutions without elaborating on the other computerized and classic approaches to anti-phishing. Therefore, this article not only comprehensively reviews phishing from a wider perspective but also critically analyses traditional and automated anti-phishing solutions. This paper serves researchers, organizations’ managers, computer security experts, lecturers, and students who are interested in understanding phishing and its corresponding intelligent solutions. This is because a wider range of potential solutions has been critically analyzed and experimentally compared, in addition to presenting classic solutions, including educational, legal, and software-based ones.
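The content scanning and link scanning described above, combined with a blacklist lookup of the kind the reviewed work evaluates, can be sketched as follows. This is an added example, not code from the paper or the cited reviews; the phrase list, the blacklist entry, the finding labels and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed for illustration: phrase list, blacklist entry and sample message.
PHRASES = ("verify your account", "update your login", "account suspended")
BLACKLIST = {"login-secure.example.net"}
SAMPLE = """From: "Example Bank" <support@bank.example>
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Your account suspended. Please verify your account:</p>
<a href="http://login-secure.example.net/reset">www.bank.example</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scan_email(raw):
    """Return sorted findings from a content scan and a link scan of one message."""
    parts = message_from_string(raw).walk()
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in parts if p.get_content_type() in ("text/plain", "text/html"))
    text = re.sub(r"\s+", " ", body.lower())
    findings = {"phrase:" + p for p in PHRASES if p in text}
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host in BLACKLIST:
            findings.add("blacklisted-host:" + host)
        m = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", shown.lower())
        # Visible text names one domain while the href points at another.
        if m and host and host != m.group(0) and not host.endswith("." + m.group(0)):
            findings.add("text-href-mismatch:%s->%s" % (m.group(0), host))
    return sorted(findings)
```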