Abstract

Phishing is one of the major problems faced by the cyber world and leads to financial losses for both industries and individuals. Detecting phishing attacks with high accuracy has always been a challenging issue. At present, visual similarity based techniques are very useful for detecting phishing websites efficiently. A phishing website looks very similar in appearance to its corresponding legitimate website in order to deceive users into believing that they are browsing the correct website. Visual similarity based phishing detection techniques use a feature set such as text content, text format, HTML tags, Cascading Style Sheets (CSS), images, and so forth to make the decision. These approaches compare the suspicious website with the corresponding legitimate website using various features, and if the similarity is greater than a predefined threshold value, the suspicious website is declared phishing. This paper presents a comprehensive analysis of phishing attacks, their exploitation, some of the recent visual similarity based approaches for phishing detection, and a comparative study of them. Our survey provides a better understanding of the problem, the current solution space, and the scope of future research to deal with phishing attacks efficiently using visual similarity based approaches.
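The threshold comparison described in the abstract, as an added example (not code from the paper or from any approach it surveys). The choice of features (visible words, HTML tag sequence, inline CSS), the weights, the 0.8 threshold and the host check that exempts the legitimate site itself are assumptions, and the sample pages are constructed.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

class PageFeatures(HTMLParser):
    """Collects tag sequence, visible words and inline CSS declarations."""
    def __init__(self, html):
        super().__init__()
        self.tags, self.words, self.css, self._skip = [], set(), set(), False
        self.feed(html)
        self.close()
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self._skip = tag in ("script", "style")   # ignore non-visible text
        style = dict(attrs).get("style") or ""
        self.css |= {d.replace(" ", "").lower() for d in style.split(";") if d.strip()}
    def handle_endtag(self, tag):
        self._skip = False
    def handle_data(self, data):
        if not self._skip:
            self.words |= set(re.findall(r"[a-z0-9]+", data.lower()))

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 1.0

def similarity(html_a, html_b, weights=(0.4, 0.4, 0.2)):   # weights are assumed
    a, b = PageFeatures(html_a), PageFeatures(html_b)
    scores = (jaccard(a.words, b.words),
              SequenceMatcher(None, a.tags, b.tags).ratio(),
              jaccard(a.css, b.css))
    return sum(w * s for w, s in zip(weights, scores))

def classify(url, html, legit_url, legit_html, threshold=0.8):  # threshold assumed
    score = similarity(html, legit_html)
    # Assumption: the legitimate host itself is never flagged.
    same_host = urlsplit(url).hostname == urlsplit(legit_url).hostname
    return ("phishing" if score > threshold and not same_host else "not flagged"), score

# Constructed sample pages and URLs (reserved .example names, not real sites).
LEGIT_URL = "https://www.bank.example/login"
LEGIT = ('<html><body><div style="color: #003366"><h1>Example Bank</h1><form>'
         '<input name="user"><input name="pass"><button>Sign in</button>'
         '</form></div></body></html>')
CLONE = LEGIT.replace("Sign in", "Log in")
OTHER = "<html><body><p>Weekly gardening tips</p><ul><li>Tomatoes</li></ul></body></html>"

if __name__ == "__main__":
    for url, page in [("http://bank-login.example/", CLONE),
                      ("https://garden.example/", OTHER), (LEGIT_URL, LEGIT)]:
        print(url, *classify(url, page, LEGIT_URL, LEGIT))
```

The comparison needs the legitimate page as a reference, so a lookalike of a site that is not in the reference set is never scored.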

Highlights

  • Phishing is a crime in which a perpetrator sends a fake e-mail, which appears to come from a popular and trusted brand or organization, asking the recipient to input personal credentials such as bank password, username, phone number, address, credit card details, and so forth [1,2,3,4]

  • The first phishing attack was observed on America Online network systems (AOL) in the early 1990s [37], where many fraudulent users registered on the AOL website with fake credit card details

  • (i) It cannot detect zero-hour attack

  • (i) It is time-consuming and takes a lot of time to compare text and images (ii) Signature is compared with expected legitimate page; it is difficult to find expected target

  • (i) To detect a phishing webpage corresponding legitimate page must be present in the database

  • (i) Accuracy of system depends on the term frequency inverse domain frequency (TF-IDF) algorithm and search engine

  • (i) High false negative rate, 13%

Summary

Introduction

Phishing is a crime in which a perpetrator sends a fake e-mail, which appears to come from a popular and trusted brand or organization, asking the recipient to input personal credentials such as bank password, username, phone number, address, credit card details, and so forth [1,2,3,4]. The fake e-mails often look amazingly legitimate, and even the website where the Internet user is asked to input personal information looks similar to the legitimate one. The first phishing attack was observed on America Online network systems (AOL) in the early 1990s [37], where many fraudulent users registered on the AOL website with fake credit card details. E-mails and instant messages appeared to come from an AOL employee. Many users provided their passwords and other personal information to the attackers.

Antiphishing Technique
Visual Similarity Based Phishing Detection and Filtering Approaches
Taxonomy of Phishing Detection and Filtering Based on Visual Similarity
Visual Perception Based Approaches Using Gestalt Theory
Detecting Visually Similar Webpages
Performance Evaluation Matrix
Limitations
Open Issues and Challenges
Findings
Conclusion
