A literature review on classification of phishing attacks

Phishing is a type of security threat that loots users' personal credentials such as online banking, credit card numbers, card verification value (CVV) numbers, automated teller machine (ATM) pins. Phishing scams are done by sending spoofed emails, instant messaging that carry hyperlinks that redirect the users to fake/spoofed sites, and steal their sensitive information. Phishers mainly concentrate on internet users who perform E-banking. Since these E-transactions are inevitable in today's digital world, many anti-phishing tools are developed to secure the user from phishing attacks. This paper proposes a new definition of phishing based on the intention of phishing and a complete classification of phishing attacks starting the email phishing to the very recent ransomware. This literature provides the classification of phishing attacks and the different possible ways the attacker targets the victims. A statistical analysis on phishing attacks is performed using the data collected from anti-phishing working group (APWG) technical reports to find: (i) top three countries hosting phishing, (ii) top three most affected countries hosting phishing, (iii) top three least affected countries, (iv) top three industry sectors affected by phishing, (v) top three malware used for phishing, and (vi) hypertext transfer protocol secure (HTTPS) enabled phishing uniform resource locator (URL). This study is helpful in understanding the different ways of performing phishing attacks.