
Topic of interest: The internet is an essential communication tool. People use the internet to
carry out a variety of transactions, including the buying and selling of products, banking, and
even voting in social and political elections. In any transaction, the parties never need to meet,
and the buyer occasionally may be dealing with a fraudulent company that doesn't exist.
Therefore, security is not only necessary but also very crucial for conducting business online.
Internet connectivity puts all security-critical applications, such as login pages for online
banking, at risk of fraud. So-called phishing websites pose a common risk to consumers of
online banking and e-commerce, and they have grown to be a serious security concern. Phishing
is a form of electronic identity theft in which a combination of social engineering and web site
spoofing techniques is used to trick a user into revealing confidential information with economic
value. The emails and websites appearing to be from a legitimate organization are known as
phishing emails and phishing websites, respectively. Phishing scams try to deceive users into
divulging their private information in order to gain access to their accounts. They employ
websites that resemble those of trustworthy companies and take advantage of the end-user's
limited knowledge of web browsing and security indicators. Although ongoing security
awareness training is essential for avoiding and mitigating phishing attacks, effective
anti-phishing techniques that prevent users from being exposed to the attack are an important step in
mitigating these attacks. Anti-phishing protection refers to the security measures that individuals
and organizations can implement to either prevent or mitigate the impact of a successful phishing
attack. Certain anti-phishing protections may prevent phishing emails from ever entering a
company's email system. Other anti-phishing protection measures can prevent users from
clicking on potentially dangerous links and attachments within an email. Anti-phishing
awareness training can also protect users by teaching them how to identify phishing attacks.
Anti-phishing technology employs a variety of techniques to detect and block phishing emails.
Certain anti-phishing solutions scan the content of inbound and internal emails for any language
that could indicate a phishing or impersonation attack. Other anti-phishing technology scans
email links and attachments and prevents users from accessing them if they are deemed
suspicious.

Problem statement: Phishing attacks are attempts to gain confidential financial information
from online consumers by using fake websites that look like the real thing. Social engineering
tactics are typically used in phishing attempts to drive consumers to the malicious website [3].
Users are specifically instructed in an email from what appear to be reliable sources to change
their login details by clicking or following a hyperlink [4]. Spear phishing, a targeted attack in
which emails are sent to company employees in an effort to gain access to a company's computer
system, and whaling, which targets senior corporate leaders, are two examples of phishing
strategies [5]. Unfortunately, phishing's effects are fatal because those who are affected become
open to identity theft and data breaches and lose faith in online transactions and electronic
banking [6].
Users and enterprises are continually adopting updated anti-phishing technologies to cut down on
phishing efforts and safeguard themselves from any potential unwanted effects. This is
significant because phishing tactics are always evolving, and new tricks are continually being
developed. Since they operate automatically and have the ability to reveal hidden information
that online users are unaware of, anti-phishing solutions using machine learning have proven to be
more useful and effective in undermining phishing. Combining this machine learning with
human wisdom can produce a powerful defense against phishing for.
There have been a few earlier reviews on phishing, such as Suganya [10], Mohammad et al.
[11,12], Sahu and Dubey [13], Almomani et al. [14] and Basnet et al. [15], among others. By
evaluating approaches like Bag of Words, frequency analysis, blacklists, support vector
machines, and other artificial intelligence search methods, most authors have narrowed their
attention to technical solutions for identifying phishing emails. There is not much
discussion about non-technical solutions. To demonstrate the effectiveness of several machine
learning techniques against email phishing, the authors also presented numerous research
findings in table format. However, it is hard to generalize such performance since these results
have been derived from datasets with different characteristics.
Most phishing reviews have only partly covered one or more aspects of phishing. For instance,
Suganya [10] and Sahu and Dubey [13] briefly reviewed phishing attacks without showing the
ways to combat them or their pros and cons. Mohammad et al. [11,12] discussed in general
common solutions of website phishing without providing grounds for recommendations besides
not covering specific intelligent approaches. Almomani et al. [14] reviewed intelligent solutions
to detect phishing emails. Lastly, Basnet et al. [15] compared only a few intelligent anti-phishing
solutions without elaborating on the other computerized and classic approaches to anti-phishing.
Therefore, this article not only comprehensively reviews phishing from a wider perspective but
also critically analyses traditional and automated anti-phishing solutions.
This paper serves researchers, organizations’ managers, computer security experts, lecturers, and
students who are interested in understanding phishing and its corresponding intelligent solutions.
This is because a wider range of potential solutions has been critically analyzed and experimentally
compared, in addition to presenting classic solutions, including educational, legal, and software-based ones.
