Phishing Research Articles

Illegitimate Websites Detection Using Deep Learning Framework

Phishing is a crime involving robbery of confidential user data. The phishing websites are aimed at individuals, businesses, and cloud storage and government websites. Hardware- based anti-phishing methods are generally used, but software- based approaches are favored because of costs and operational factors. There is no solution to the problem such as zero-day phishing attacks from current phishing detection approaches. A three-phase attack detection called the Phishing Attack Detector based on Web Crawler was proposed to resolve these problems and precisely detect phishing incidences using recurrent neural network. It includes the input features Web traffic, web content and Uniform Resource Locator (URL) based on the classification of phishing and non-phishing pages

The Effects of Phishing Attacks on Mobile Phone Users in Tanzania: A Case of Kariakoo Market, Dar es Salaam

This study aimed at understanding phishing attacks targeting mobile phone users in Tanzania, focusing on the investigation of effects of these attacks on the mobile phone users. The study used technology threat avoidance theory as its theoretical framework. Respondents were selected using a purposive stratified sampling method to ensure diverse representation across various demographics and business sectors. A descriptive research design was employed and traders in Kariakoo market, Dar es Salaam were the target population. A sample size of 394 respondents was chosen and data obtained through structured questionnaires and in-depth interviews. Quantitative data were analyzed using SPSS, while qualitative data were examined with Deedose. The study revealed social, economic, and psychological effects of phishing attacks to mobile phone users in Tanzania. Socially, there was a noticeable decline in trust toward digital communications, leading to altered online behaviors and interactions. Economically, the effects included substantial financial losses and disruptions to business operations, impacting both individuals and organizations. Psychologically, the study found that victims experienced emotional distress, anxiety, and a heightened sense of vulnerability, prompting an increased awareness and caution regarding cyber security practices. The study concluded that phishing attacks posed significant social, economic, and psychological challenges for mobile phone users in Tanzania, with effects varying across different demographic groups. It also revealed that users' age, gender, education, and business sector influenced their susceptibility to phishing attacks, leading to diverse experiences and vulnerabilities within the population. The study recommends implementation of targeted awareness campaigns through popular communication channels, such as social media ads and television, to maximize reach and engagement, especially among younger users who are frequently online.

FDN-SA: Fuzzy deep neural-stacked autoencoder-based phishing attack detection in social engineering

Phishing attacks have emerged as a major social engineering threat that affects businesses, governments, and general internet users. This work proposes a social engineering phishing detection technique based on Deep Learning (DL). Initially, website data is taken from the dataset. Then, the features of Natural Language Processing (NLP) like bag of words, n-gram, hashtags, sentence length, Term Frequency- Inverse Document Frequency of records (TF-IDF), and all caps are extracted and then web feature extraction is carried out. Later, the feature fusion is done using the Neyman similarity with Deep Belief Network (DBN). Afterwards, oversampling is used for data augmentation to enhance the number of training samples. Lastly, the detection of phishing attacks is performed by employing the proposed Fuzzy Deep Neural-Stacked Autoencoder (FDN-SA). Here, the proposed FDN-SA is developed by combining a Deep Neural Network (DNN), and Deep Stacked Autoencoder (DSA). Further, the investigation of FDN-SA is accomplished based on the accuracy, True Positive Rate (TPR), and True Negative Rate (TNR) and is observed to compute values of 0.920, 0.925, and 0.921, respectively.

Research Paper on Cyber Security

Cybersecurity is like our computers and phones' superhero. They help keep our computers and phone safe from sneaky bad guys on the internet. It’s all about using genius locks and tricks to keep our digital stuff virus free, hacker proof and away from funny online stunts. Like we cheque if the doors are locked and who leaving keys under the doormat at home, cybersecurity is our online detectives to keep an eye on websites to see they are safe, and be a bit more careful when clicking on links in emails from strangers. Having a shield for your digital world, to enjoy the internet without worries. Our online superhero is cybersecurity, the cybersecurity that allows us to surf the web, play games, and chat with friends securely. KeyWords:Malware,PenetrationTesting,Web AppTesting,Ddos Attacks,Ransomware Attacks,Phishing Attacks.

A comprehensive survey of cybercrimes in India over the last decade

Since the 1990s, the integration of technology into daily life has led to the creation of an extensive network of interconnected devices, transforming how individuals and organizations operate. However, this digital transformation has also spurred the rise of cybercrime, criminal activities perpetrated through networks or computer systems. Cybercrime has become a global concern, presenting significant challenges to security systems. Although advancements in digital technology have enhanced efficiency, they have also opened new avenues for exploitation by cybercriminals, highlighting the urgent need for advanced cybersecurity measures. The escalating number of cyberattacks and associated risks in the past decade highlights the critical importance of protecting sensitive data and safeguarding information systems. Cybercrimes range from financial fraud and phishing scams to identity theft and online harassment, posing substantial risks to both individuals and organizations. In response, governments, law enforcement agencies, and cybersecurity units have intensified their efforts to address these threats. In recent years, India has experienced a significant surge in cybercrime incidents, with a notable increase in cases involving ransomware, data breaches, and social engineering attacks. The growing penetration of internet services, the expansion of e-commerce, and the rapid adoption of digital payment systems have made individuals and organizations more vulnerable to cyber threats. Key areas affected include banking, healthcare, and government sectors, which are frequently targeted due to the sensitive nature of the data they handle. To combat these risks, there is an increasing focus on public awareness, cybersecurity education, and robust regulatory frameworks. This paper provides an in-depth analysis of cybercrime, with a focus on developing innovative prevention strategies, strengthening internal security protocols, and classifying key cybercrime terminologies to better understand their implications for digital infrastructure.

A Comprehensive Review of Phishing Attack Detection Using Machine Learning Techniques

Phishing attacks have become a significant cybersecurity concern, affecting millions of users and organizations by stealing confidential information. The rise of machine learning (ML) techniques has provided innovative ways to detect and mitigate phishing attacks. This review paper explores various ML algorithms, including Decision Trees (DT), Random Forest (RF), and Principal Component Analysis (PCA), in detecting phishing attacks. Through a review of recent studies, it is evident that ML models such as RF can achieve high accuracy, up to 97%, in phishing detection. However, challenges such as evolving phishing strategies, data imbalance, and feature extraction remain critical issues. Future research directions should focus on deep learning models and real-time detection systems to enhance the robustness and effectiveness of phishing detection mechanisms

Unmasking phishers: ML for malicious certificate detection

Phishing attacks increasingly use digital certificates to appear safe to users, and the frequency of such attacks has surged in recent years. As an example, around 80% of the 2021 phishing attacks used digital certificates to appear legitimate. The most common methods today for detecting phishing websites rely on users reporting the websites to phishing repositories, where they are then confirmed. This process can be slow, allowing the attacker to have time to have their phishing attack out on the Internet. Newer methods that implement machine learning models for the detection of phishing websites based on their digital certificate have been shown to be effective. This paper presents a system that uses certificate and domain name related features along with machine learning methods for the detection of phishing websites. To develop the system, data was collected from PhishTank and Tranco for domain names, and Censys was used for certificate retrieval. The domain related features are partly engineered using a time-series based deep learning model to get a vector representation of the domain name. Using the features engineered from the certificate and domain name, classical machine learning classifiers are trained and compared. Enriching the feature set with the vector representation of the domain names results in higher performance in distinguishing suspicious certificates from benign ones, going from an F1-score of 0.77 for a feature set solely based on certificate-related features to a performance of 0.89 with the enriched feature set. A time-based evaluation reflects the same performance with an F1-score of 0.88, which is an improvement compared to existing approaches to feature engineering.

Development of a Phishing Website DetectionModel Using Classification Algorithm

Development of a Phishing Website DetectionModel Using Classification Algorithm

Improve the effectiveness of machine learning models in detecting website phishing using morphological features in URL analysis

With the proliferation of the Internet, the emergence of various threats has become increasingly prevalent, particularly the danger posed by phishing websites. These websites are designed with malicious content aimed at exploiting users who inadvertently access them. This method of attack represents a significant potential risk for users in cyberspace. The problem of detecting and eliminating phishing websites has garnered significant interest and research within the community. In this study, we propose a set of morphological features in URL path analysis, combined with machine learning methods, to detect phishing website URLs. Experimental evaluation with the UCI Repository dataset results have demonstrated the effectiveness of the proposed feature set in terms of all metrics (Accuracy, Precision, Recall, and F1 Score) compared to previous methods.

Real-time phishing URL detection framework using knowledge distilled ELECTRA

The rise of cyber threats, particularly URL-based phishing attacks, has tarnished the digital age despite its unparalleled access to information. These attacks often deceive users into disclosing confidential information by redirecting them to fraudulent websites. Existing browser-based methods, predominantly relying on blacklist approaches, have failed to effectively detect phishing attacks. To counteract this issue, we propose a novel system that integrates a deep learning model with a user-centric Chrome browser extension to detect and alert users about potential phishing URLs instantly. Our approach introduces a Knowledge Distilled ELECTRA model for URL detection and achieves remarkable performance metrics of 99.74% accuracy and a 99.43% F1-score on a diverse dataset of 450,176 URLs. Coupled with the browser extension, our system provides real-time feedback, empowering users to make informed decisions about the websites they visit. Additionally, we incorporate a user feedback loop for continuous model enhancement. This work sets a precedent by offering a seamless, robust, and efficient solution to mitigate phishing threats for internet users.

EWDPS: A Novel Framework for Early Warning and Detection on Ethereum Phishing Scams

EWDPS: A Novel Framework for Early Warning and Detection on Ethereum Phishing Scams

An optimal machine learning-based algorithm for detecting phishing attacks using URL information

An optimal machine learning-based algorithm for detecting phishing attacks using URL information

Cybersecurity Threats and Vulnerabilities in Online Banking Systems

The rapid expansion of online banking has introduced significant convenience and accessibility for consumers and financial institutions alike. However, it also brings a substantial increase in cybersecurity threats, making online banking systems prime targets for cybercriminals. This paper provides a comprehensive examination of the prevalent cybersecurity threats that online banking faces, including phishing attacks, malware, ransomware, man-in-the-middle (MITM) attacks, insider threats, and distributed denial-of-service (DDoS) attacks. We analyze these threats in-depth, exploring how each tactic is deployed to compromise security and exploit vulnerabilities within online banking systems. Moreover, this paper discusses specific vulnerabilities that exist in online banking platforms, such as weak authentication practices, insecure network connections, outdated software, and risks associated with third-party integrations. Through tables and graphical data, the paper offers a clear overview of the most common vulnerabilities and their prevalence, providing insights into how these weak points are exploited in the cyber landscape. The impact of such cybersecurity breaches on financial institutions is also considered, highlighting the consequences that follow a security breach, such as financial losses, reputational damage, regulatory fines, and customer distrust. The findings reveal that these impacts not only affect individual financial institutions but can also undermine public confidence in digital banking as a whole. Finally, the paper proposes several strategic defenses against these threats. Solutions include multi-factor authentication, end-to-end encryption, robust threat monitoring, regular security audits, and customer education initiatives, among others. Statistical data on the effectiveness of these strategies demonstrates their role in mitigating cyber risks and fortifying online banking systems against future attacks. This study concludes by emphasizing the critical need for continuous innovation in cybersecurity practices, as cyber threats continue to evolve in sophistication.

Models in Review for the Analysis of Phishing Website URLs

In this paper, we compare our method on DEFRAUD with current online API services and the state-of-the-art machine learning model for defending against phishing websites. Rule-based methods, in nature traditional such rules tend to get outdated quickly and are not capable of tracing new tactics used by the malicious ware every second. Over time, new proactive approaches enabled by machine learning (ML) have become more important as these solutions are flexible and adaptable in their ability to scan through modern data breaches for patterns from millions of datasets. In this study, we explore various machine learning algorithms: Logistic Regression (LR), K-Nearest Neighbors (KNN), Decision Trees (DT) Random Forest (RF), Support Vector Classifiers (SVC) and xgBoost for phishing website detection. Ensemble Methods like Random Forest, XGBoost have better accuracy/precision/recall. Metrics. While XGBoost is resource hungry, it is well known for out of the box support with huge data dimensions as well deep learning framework and avoiding overfitting. The study underscores the importance of integrating machine-learning models into practical cybersecurity applications. Future research should focus on improving these models and expanding their application across different domains to enhance cybersecurity defenses.

Impact Analysis of Filter and Wrapper-Based Feature Selection Techniques for Webpages Phishing Attacks Identification

Phishing, which involves fraudulently gaining access to sensitive assets of unsuspecting individuals through deceptive and malicious emails, is a major global threat to internet users. The proliferation of phishing sites and their operations is occurring at an alarming rate, raising significant concerns about how to forestall them. Numerous research efforts are underway to detect phishing attempts before they can compromise important information and cause damage. Compared to conventional methods, machine learning has proven highly effective at detecting phishing attacks by analyzing different features. This study analyzed the behaviors of seven classification data mining algorithms on optimal subset features selection using Wrapper (Boruta) and Filter-based (Mutual-Information). Real-life phishing webpage datasets were used for the analysis. Ensemble classifiers such as Voting, Gradient Boosting, and Random Forest were used in the experiments. Two experiments were conducted. In the first experiment, K-Nearest Neighbor (K-NN) yielded the highest accuracy among single classifiers, with a score of 94.1%, while Random Forest (RF) ensemble achieved 96.7%. In the second experiment, using another baseline feature set, RF performed excellently under the Boruta method with an accuracy of 97.25%, while K-NN retained the highest accuracy of 95.20% among single classifiers. This study provides empirical evidence that feature selection techniques have a great impact on the performance of ML models, for both single and ensemble classifiers, in the detection of phishing attacks.

A Hybrid Framework for Improved Weighted Quantum Particle Swarm Optimization and Fast Mask Recurrent CNN to Enhance Phishing-URL Prediction Performance

Phishing websites are cybercrimes that aim to collect confidential data, including bank card numbers, bank accounts, and credentials. To detect phishing sites, specialists must extract the elements of the websites and utilize third-party resources. One of the drawbacks of these methods is that identifying phishing characteristics takes a lot of effort and knowledge. Second, the recognition of phishing websites is delayed when third-party services are used. A novel detecting system Improved Weighted Quantum Particle Swarm Optimisation (IWQPSO) and Fast Mask Recurrent Convolutional Neural Network (FMRCNN) proposed to strengthen and empower the technique of identifying phishing URLs. The proposed model does not require the retrieval of target website content or the use of any third-party services. Phishing attacks continue to pose significant cyber-security threats, particularly through deceptive URLs. This study proposes a novel approach to enhance phishing-URL prediction using a hybrid methodology. The method integrates an IWQPSO-FMRCNN. The IWQPSO algorithm is leveraged to optimize the weights and parameters of the FMRCNN model, enhancing its performance in distinguishing between legitimate and phishing URLs. By combining the strengths of evolutionary optimization and deep learning, the proposed approach aims to achieve higher accuracy 99.3%, precision 94.6%, F1-Score 96.7%, Recall 98.2% and AUC score 97.9% in detecting phishing URLs compared to existing methods. Experimental results demonstrate the effectiveness of the proposed hybrid method in improving phishing-URL prediction performance, providing a promising avenue for enhancing cyber-security measures against online threats.

빅카인즈를 활용한 딥페이크 범죄 경향 분석

This study is significant for analyzing criminal trends using deepfake technology based on media reports. A total of 478 articles related to crimes using deepfake technology were extracted from the BIGKinds portal from July 2018 to July 2024. We then analyzed trends over the years using association word analysis. Analysis shows that in 2018-2019, unlike in the early days of AI, deepfake technology usage has increased among the general public. The article also noted that the age range of users has broadened. In particular, he pointed out that deepfake technology is often used for sexual offenses. The year 2020 saw a spike in deepfake crime stories due to COVID-19 and the Nth Room Case incident, with the majority of stories related to illegal pornography distribution and digital sex crimes on Telegram. When looking at recent trends in deepfake crimes from 2021 to 2024, the top stories included the continued rise of digital sex crimes among teens, the increasingly sophisticated ways in which digital sex crimes are being perpetrated, the rise of deepfake sex crimes as a form of entertainment, the escalating impact of deepfake sex crimes, and the use of deepfake technology in voice phishing scams. Based on the results of this analysis, we propose implications for future legal, institutional, and educational aspects of deep fake crimes and limitations of this study.

Securing the web: Machine learning's role in predicting and preventing phishing attacks

Securing the web: Machine learning's role in predicting and preventing phishing attacks

An Investigation of AI-Enabled Comprehensive Survey of Phishing Attacks detection techniques

Phishing is an online criminal activity which traps regular online customers to reveal their sensitive information into fake destinations by disguising themselves as original website. Because of the short life expectancy of phishing sites and the fast progression of phishing systems the current anti- phishing solutions are either unfit to manage the rising changes or in fit for assuming a successful part against this attack.Natural language handling and machine learning – these are the centre usage of the multi-stage approach proposed to identify phishing attacks and to perceive the substance/association that has been misused by the attackers to execute the phishing attacks. In this technique the primary stage is the revelation of named elements (names of areas, individuals and associations) and afterward the disclosure of concealed topics and for this the strategies that backings both phishing and non-phishing information therefore, Conditional Random Field (CRF) and Latent Dirichlet Allocation (LDA) is utilized. Next stage is the AdaBoost arrange where the named elements and the concealed subjects are dealt as features and the messages are ordered into phishing or non-phishing. proposed techniques are planned to alleviate the effect of phishing attack. The principal strategy proposes is to identify Wi-Fi phishing utilizing Association Rule mining. A Wi-Fi hotspot which associates such hand held gadgets has turned into a transitory archive of delicate data, in this way giving an open door for programmers to gather money related gain .Consequently data security arrangements tending to Wi-Fi hotspots (Wi-Fi phishing attack) has turned into the need of great importance. The conceivable approaches to attack the security of Wi-Fi hotspots and counter-attack methodologies have been tended to in this strategy. Key works: Phishing, LDA,AI

An Enhanced K-Means Clustering Algorithm for Phishing Attack Detections

Phishing attacks continue to pose a significant threat to cybersecurity, employing increasingly sophisticated techniques to deceive victims into revealing sensitive information or downloading malware. This paper presents a comprehensive study on the application of Machine Learning (ML) techniques for identifying phishing websites, with a focus on enhancing detection accuracy and efficiency. We propose an approach that integrates the CfsSubsetEval attribute evaluator with the K-Means Clustering algorithm to improve phishing detection capabilities. Our method was evaluated using datasets of varying sizes (2000, 7000, and 10,000 samples) from a publicly available repository. Simulation results demonstrate that our approach achieves an accuracy of 89.2% on the 2000-sample dataset, outperforming the traditional kernel K-Means algorithm, which achieved an accuracy of 51.5%. Further analysis using precision, recall, and F1-score metrics corroborates the effectiveness of our method. We also discuss the scalability and real-world applicability of our approach, addressing limitations and proposing future research directions. This study contributes to the ongoing efforts to develop robust, efficient, and adaptable phishing detection systems in the face of evolving cyber threats.