A review of phishing attacks and countermeasures for internet of things‐based smart business applications in industry 4.0

Abstract

Due to the advancement in industry 4.0, cybercrimes in internet-based business applications are rapidly increasing. To encounter such attacks, the intruders use various tools and techniques such as Phishing, Malware, SQL Injection, Ransomware, Cross-Site Scripting (XSS), Denial of Service (DoS), Session Hijacking, and Credential Reuse. Phishing is most commonly in practice in the current digital era. Phishing is a fraudulent attempt to obtain sensitive information from deceiving users. These types of cyber-attacks are used to harm individuals or entire businesses depending on the targeted objective of the attacker. To combat these attacks, the research community provides various phishing detection techniques. In this article, we classify state-of-the-art fishing detection techniques in five major categories, that are, (1) Data Mining, Deep Learning & Machine Learning-Based Approach, (2) Search Engine-Based Approach, (3) URL Scan-Based Approach, (4) Blacklisting-Whitelisting Approach, and (5) Visual Similarity-Based Approach. Further, a comparative analysis is provided within each category concerning their strength and weaknesses. Moreover, the article provides phishing prevention best practices to the readers to avoid such attacks.