2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE)

A Review on Phishing Technique: Classification,

Lifecycle and Detection Approaches
2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) | 979-8-3503-9926-4/23/$31.00 ©2023 IEEE | DOI: 10.1109/ICACITE57410.2023.10183292

Amandeep Kaur Syed Mohtashim Mian

Assistant Professor Assistant Professor
University Institute of Computing (UIC) University Institute of Computing (UIC)
Chandigarh University, Mohali, India Chandigarh University, Mohali, India
amandeep.e13750@cumail.in syedmohtashim15@gmail.com

Abstract — One of the most cutting-edge and potent hazards the resulting information found online to the highest
on the Internet is phishing. The phrase describes attacks when bidder.
the target is made to assume they are visiting a real website when
they are actually only viewing a replica of one. The most
common way to hack or steal passwords is through phishing.
This is accomplished by showing the bogus login page, also
known as the faked page. This study identifies the various types
of phishing attacks, the various approaches for phishing 1
detection, as well as the problems that arise when these threats
cannot be stopped. Emphasis has also been placed on the
necessity of developing a new type of structured framework for
evaluating the prevention mechanism for this fraudulent Target
Hacker
process.
3
Keywords: Phishing, Tab nabbing, UR, Phish Guard, Phish 4 2
Net, Spoof Guard, net craft, Detection

I. INTRODUCTION
Phishing is one technique used by phishing scammers to
trick unwary consumers into divulging their personal
information. A phishing website is a false website that has a
similar layout but goes to a different location. Criminals are
tricking computer users into disclosing private data, which
include passwords, bank account information, social security
numbers, and more. Users who are not suspicious post their
information believing that these websites are affiliated with
reputable financial organizations. These phishing websites
can only be quickly recognized by experts. However, not all
web users are experts in computer engineering; as a result,
they fall prey to phishing scams when they divulge their
personal information. [1]
x Phase 1 - A malevolent hacker impersonating a trusted
source sends the target an email or message. The target
is frequently prompted to click on a third-party link in
order to do a security check or a straightforward
feature upgrade.
x Phase 2 - The victim clicks on the malicious link in the
email, believing it to be from the sender—a bank or
business—and is taken to a fake website that is made
to look as real as possible.
x Phase 3 - The user is prompted to provide certain
confidential information on the false website, such as
login credentials for a particular website. The hacker
who created the website and malicious email receives
all the information when it is entered.
Original Website Phishing Website
Note:
Attacker sends phishing mail to target.
Victim clicks on fishing link & visits fake website.
Hacker collects important credentials.
Hacker uses victim’s credential to access private
information.
Fig. 1. How phishing attack takes place.
II. OBJECTIVE
The purpose of this paper is to study and analyze various
problems in phishing attacks. To provide benefit to the user so
that a systematic and more strong approach can be used to
maintain and prevent users from email scams. This paper
seeks to conduct a thorough literature study for the
examination of various preventative measures. This paper will
evaluate these capabilities' trends over the previous two years
and go over the countermeasures that are now in use.
Additionally, put your attention on locating and assembling
the preventative measures and developing a framework for
assessing these models.

x Phase 4 - The hacker is free to utilize the account

credentials after obtaining them by logging in or to sell

979-8-3503-9926-4/23/$31.00 ©2023 IEEE 336

Authorized licensed use limited to: AMITY University. Downloaded on September 08,2023 at 08:53:20 UTC from IEEE Xplore. Restrictions apply.
 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE)
Fig. 2. Analysis of Phishing Attacks hosted on HTTPS
III. CLASSIFICATION OF PHISHING
The following are a few significant phishing types:
Deceptive phishing: Deceptive phishing is the practice of
sending links to a fake website to large numbers of people by
tricking them into clicking the link and being taken to the fake
website, where their private information is collected, with
promises of attractive discounts for prompt responses, account
verification, and apologies for system failure with a request to
re-enter/reset the account details.
Malware-based phishing: Malware like this is provided as
an attachment, concealed in a particular file that may be
downloaded from a website, or injected into apps by taking
advantage of a security flaw.
Content Injection Phishing: It is accomplished by
changing a section of the website with the content that has
affected code inserted into it, tricking people into disclosing
their personal information.
Man-in-the-middle phishing: The perpetrator of these
assaults, known as phishers, places themselves in between the
user and the legitimate website or system. The knowledge or
credentials gathered will be sold or used while the user isn't
active on the system.
Search engine phishing: In this search engines are used to
officially index the bogus websites, which will place them
among the top search results and increase traffic to the site.
More visitors will visit the website to play around as a result
of this.
Tab-nabbing: When the user's concentration is on
another tab, a simple-looking page opened in a browser tab
poses as the login page of a well-known web application. [1]
[2]
A. Role Of Password Attacking In Phishing
The most common technique for password hacking or
theft is phishing. The faked page, often known as the phony
login page, is displayed to accomplish this. We may infer that
password theft is a highly successful tactic from the
information compiled by the anti-phishing working group [2].
Assuming that the displayed website is a valid one, users will
enter their login information. Despite having a similar
appearance and feel, the batch program that runs in the
337
Authorized licensed use limited to: AMITY University. Downloaded on September 08,2023 at 08:53:20 UTC from IEEE Xplore. Restrictions apply.
background is what differentiates the two. For instance, if we
use the login page for Gmail as an example, the authentic page
will send login requests to the Gmail server, whereas the fake
one will send requests to the PHP server used by the hackers.
The fraudulent pages will appear. Phishing pages will
resemble authentic ones in appearance, but they will have a
different URL in the address box. The victim will never know
what really happened in the background, but his account has
already been compromised thanks to clever phishing pages
that send the stolen data, including passwords, to the hacker
while redirecting the requests to the original website.
Therefore, it is crucial to protect the password. The passwords
have been protected using a variety of methods. One such
approach is to only let the password be used once. As a result,
the server must determine whether the current password is
unique or not. As a result, passwords are rendered meaningless
to hackers even if they are taken. [3] [4]
B. Phishing In Social Networking
Users of social networking sites are readily duped into
providing their usernames and passwords by con artists, which
hackers then use to steal identities or money. When scammers
have access to a person's personal information, they can log
in, change their password, start to pose as that person, and
upload and post whatever they want. This causes a great deal
of panic, hurts the real user's self-esteem, and paints the real
user as the bad guy for the dirty work the hackers do. Even
worse, they send phony emails asking for money or trying to
access the accounts of more customers to the contact list of the
person who was hacked. Through these emails, they also
spread malware to further compromise or breach company
networks, web servers, database systems, etc. Cybercriminals
are increasingly focusing their attention on social networking
sites. [5]
Nowadays, phishers are more sophisticated. The latest
generation of phishers uses the same language used by Twitter
to draw in users. Users are instructed to click a link that will
take them away from the main website so they may enter their
username, password, the URL of the page they want to view,
and a 10-digit verification number. From that point forward,
hackers have simple access. The next generation of phishing
will be smarter and more inventive than the current
generation, making it more dangerous. If we pay attention to
trends in other online crimes, we will know this. [6]
By utilizing the client-side proxy and running it in the
user's web browser that requests the data, PoX is a Facebook
extension that allows the user to have fine-grained access
control over their private data without having to put their faith
in additional third parties. [7].
C. E-Mail Phishing
One of the most popular Internet services, email, has
emerged as the primary method for phishing. An email with
hyperlinks has developed into a particularly effective weapon
for phishers due to the widespread acceptance of Hypertext
Markup Language (HTML) by email clients. Forging is also
permitted by the email-sending protocol which is Simple Mail
Transfer Protocol (SMTP), which makes it easier for
spammers and hackers to do their dirty work. For the specific
issue of phishing detection, anti-spam methods like e-mail
filtering may not be sufficient and successful; computational
solutions are also required to combat this danger. The black
list/white list idea is used by many email tools and browser
 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE)
extension tools to restrict the IP address of the SMTP server,
a domain, or even the sender's entire email domain. Due to the
possibility of forging the source address, this technique is not
impenetrable. With the volume of emails constantly growing,
it is becoming very difficult to counter phishing by email.
IV. APPROACHES FOR PHISHING DETECTION
Today, phishing is a problem that affects both consumers
and organizations on the internet. In order to get consumers'
personal information, one of the most popular strategies used
by attackers is to build a website that seems identical.
Passwords, Social Security numbers, account numbers, and
other confidential information are being gathered, a rogue
website may resemble an online bank or other financial
institution in appearance. It's possible that a victim won't
discover the rogue website until after their private data has
been exposed [8] [9]
Several methods for phishing detection include:
Email–Level Approach: This strategy aims to modify
email-level phishing assaults. The main idea is that victims of
a fake email cannot be duped if they do not open it. Before
phishing emails are delivered to consumers, they are
frequently detected using filters and content analysis tools. For
instance, a huge amount of phishing emails can be stopped by
utilizing training filters (like Bayesian filters).
Browser-integrated tool approach: These technologies can
be identified by comparing the URL of the website in the
address bar to a blacklist of URLs for dangerous websites, you
may detect phishing attacks. For instance, when a malicious
page loads in Microsoft Internet Explorer (IE) 7, the address
bar turns red. Spoof-Guard and Pwd-Hash are known for,
scholarly, browser-integrated methods to lessen phishing
assaults. Spoof-Guard analyses web pages for obfuscated
URLS and other phishing signs. Pwd-Hash, contrasted with,
produces passwords that are unique to a domain and are
worthless when used with another domain.
Webpage content analysis It looks at the content, pictures,
forms, input fields, and hyperlinks as well as the HTML code
on a Web page. Such content-based techniques have in the
past successfully detected phishing pages. However, more
lately, phishers have begun to build websites containing non-
HTML elements including Flash objects, pictures, and Java
applets. A phisher might develop a fake page that is entirely
made up of images even though the true page just contains text
content. When it comes to this, content-based anti-phishing
tools are unable to assess the suspicious webpage because it
only has HTML img/> elements in its HTML code.
Visual similarity-based approach: According to the brief
work by Liu et al., metrics should be defined by examining
and contrasting authentic and phishing websites, which may
be utilized to identify phishing pages. The plan is to divide up
the web pages into relevant pieces based on "visual signals."
Using the aforementioned measures, the level of similarity
between the two websites is then calculated. If the likeness to
the real website surpasses a certain threshold, the website is
considered a phishing page. [10]
338
Authorized licensed use limited to: AMITY University. Downloaded on September 08,2023 at 08:53:20 UTC from IEEE Xplore. Restrictions apply.
V. LIFE CYCLE OF PHISHING ATTACK
Fig. 3. Lifecycle of Phishing attack
1) By mimicking reputable websites, phishers establish
fraudulent websites.
2) The victim user receives a link to a phishing website
from the scammer.
3) The victim enters their login information on the
phishing website.
4) Phisher obtains the login details from the victim.
5) By utilizing the victim's login information, the
scammer can visit a real website.
Phishing attack is now a more serious issue. One's private
details, including their bank password and Gmail account, are
stolen as a result. To avoid these phishing attacks many
methods have been developed, and each method has its own
restrictions. So none of the methods is proven to be efficient
enough to solve all kinds of problems and still phishing attacks
take place.
VI. RESULTS
The following points are obvious when looking at the
phishing strategies listed above. In other words, every piece
of private information needs to be safer. The use of URL
verification is a crucial method for phishing detection. The
page can only be examined for any suspicious redirections to
phishing or other lawful websites after each hyperlink has
been verified. All forms that may be found on web pages need
to be assessed for the types of data that can be collected
through the form fields. 70% of attacks consist of the attacker
creating forms containing the input they need to inject
malicious code to steal users' credentials [11], particularly
usernames and passwords.
VII. CONCLUSIONS
A thorough framework to assess, classify, and handle
these phishing attacks on both the client and server side is
urgently needed, and this paper's main goal is to identify and
consolidate the protection mechanisms connected with
phishing frauds. The knowledge collected from this study is
anticipated to result in a set of design guidelines for the
system in the form of a structured framework for preventative
mechanism evaluation. A system cannot be fully protected by
a single model or technique. It is necessary to conduct
research inquiries to look into different technical challenges.
This essay tries to highlight the shortcomings of every
preventive mechanism now in use and stresses the necessity
of a new type of structured framework for prevention
mechanism evaluation. In conclusion, it is our hope that this
research will shed some light on the significance of these
 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE)
detection and prevention mechanisms as well as how existing
mechanisms might be enhanced in order to develop better
preventative strategies.
REFERENCES
[1] Suri, Rableen Kaur, Deepak Singh Tomar, and Divya Rishi Sahu. "An
approach to perceive tabnabbing attack."International Journal of
Scientific and Technology Research 1.6 (2012): 90-94.
[2] Aburrous, Maher, et al. "Experimental case studies for investigating e-
banking phishing techniques and attack strategies." Cognitive
Computation 2.3 (2010): 242-253.
[3] Alsayed, A., and A. Bilgrami. "E-banking security: Internet hacking,
phishing attacks, analysis and prevention of fraudulent activities." Int.
J. Of Emerg. Techn. and Adv. Activ 7.1 (2017): 109-115.
[4] Mohtashim Mian, S., Kumar, R. (2023). Deep Learning for
Performance Enhancement Robust Underwater Acoustic
Communication Network. In: Maurya, S., Peddoju, S.K., Ahmad, B.,
Chihi, I. (eds) Cyber Technologies and Emerging Sciences. Lecture
Notes in Networks and Systems, vol 467. Springer, Singapore.
https://doi.org/10.1007/978-981-19-2538-2_24
[5] Nagunwa, Thomas. "Behind identity theft and fraud in cyberspace: the
current landscape of phishing vectors." International Journal of Cyber-
Security and Digital Forensics (IJCSDF) 3.1 (2014): 72-83.
[6] Mohtashim Mian S, Kumar R (2020) Reduced time application (RTA)
in distributed underwater wireless sensor in multipath routing
339
Authorized licensed use limited to: AMITY University. Downloaded on September 08,2023 at 08:53:20 UTC from IEEE Xplore. Restrictions apply.
network.In: 2020 international conference on computation, automation
and knowledge management (ICCAKM), Dubai, United Arab
Emirates, 2020, pp
1417.:https://doi.org/10.1109/ICCAKM46823.2020.9051480.
[7] Egele, Manuel, et al. "PoX: Protecting users from malicious Facebook
applications." Computer Communications 35.12 (2012): 1507-1515.
[8] Mian SM, Kumar R (2019) Review on intend adaptive algorithms for
time critical applications in underwater weless sensor auditory and
multipath networ. In: 2019 international conference on automation,
computational and technology management (ICACTM), London, UK,
pp.469–472
(2019). https://doi.org/10.1109/ICACTM.2019.8776782
[9] Jakobsson, Markus, and Sid Stamm. "Web camouflage: Protecting
your clients from browser-sniffing attacks." IEEE security & Privacy
5.6 (2007): 16-24.
[10] Mian, Syed Mohtashim and Kumar, Rajeev, Security Analysis and
Issues in Underwater Wireless Sensor Auditory and Multipath Network
(October 31, 2019). The International Journal of Analytical and
Experimental Modal Analysis, Volume XI, Issue X, October/2019,
Available at SSRN: https://ssrn.com/abstract=3896925
[11] Etaher, Najla, George RS Weir, and Mamoun Alazab. "From zeus to
zitmo: Trends in banking malware." 2015 IEEE
Trustcom/BigDataSE/ISPA. Vol. 1. IEEE, 2015