Abstract

The amount of fraud on the Internet is increasing along with the availability and the popularity of the Internet around the world. One of the most common forms of Internet fraud is phishing. Phishing attacks seek to obtain a user’s personal or secret information. The variety of phishing attacks is very broad, and the use of novel, more sophisticated methods complicates their automated filtering. Therefore, it is important to form an up-to-date and detailed phishing attack taxonomy, which could be used both for human education purposes and for discrete notation of phishing attacks. In this paper, we propose an e-mail-based phishing attack taxonomy, which includes six phases of the attack. Each phase has at least one criterion for the attack categorization. Each category is described, and in some cases the categories have sub-classes to present the full variety of phishing attacks. The proposed taxonomy is compared to similar taxonomies. Our taxonomy outperforms other phishing attack taxonomies in numbers of phases, criteria and distinguished classes. Validation of the proposed taxonomy is achieved by adapting it as a phishing attack notation for an incident management system. Taxonomy usage for phishing attack notation increases the level of description of phishing attacks compared to free-form phishing attack descriptions.

Highlights

  • The development of information technologies brings many benefits to people and businesses. At the same time, information technology serves as a gateway for criminal activities.

  • This paper aims to highlight the variety of e-mail-based phishing attacks by proposing an e-mail-based phishing attack taxonomy

  • As the p-value is < 0.00001, the result is significant at p < 0.05. Based on this non-parametric statistical hypothesis test, we can confirm that the proposed taxonomy-based phishing attack e-mail notation produces a significantly different and larger number of notated properties compared to the free-form notating process.


Summary

Introduction

The development of information technologies brings many benefits to people and businesses. In an e-mail-based phishing attack, e-mail messages are used as a contact environment to reach the victim and obtain the targeted information. E-mail-based phishing attacks were selected because e-mail is the most popular environment for phishing messages, and e-mail messaging is vulnerable to spoofing and e-mail address camouflage methods. The proposed taxonomy concentrates on e-mail-based phishing attacks and includes e-mail address gathering techniques and e-mail sender address classification. There are specific e-mail-based phishing attack classifications, while the rest of the taxonomy can be applied to a wider range of phishing attacks. We overview existing methods for presentation of the phishing attack taxonomies. The content of the existing scientific papers on e-mail-based phishing attack taxonomies is summarized in the second section as well.

Related Works
Visualization Forms of Phishing Attack Taxonomies
The Content of E-mail Phishing Attack-Related Taxonomies
The Proposed E-mail-Based Phishing Attack Taxonomy
The phishing
E-mail
Validation of the Proposed E-mail-based Phishing Attack Taxonomy
Findings
Conclusions