Phishing Email: Could We Get Rid of It? A Review on Solutions to Combat Phishing Emails

  • Ghassan Ahmed AliEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1073)


From the inception of email in the last era until this hour, many stories about misleading victims in phishing emails are published. Phishing email has been considered to be one of the most common threats. Many researchers wonder why the phishing email still works. The problem lies in the strategies used by the attacker in the electronic trap and the lack of security awareness by the user at the same time. This paper presents stages and steps of phishing email and investigates the most tricking techniques used by the attacker to attract the user. The paper also motivates work on non-technical solutions and reviews the types of detection methods of phishing emails concentrating on methods related to message contents.


Phishing emails Detection methods Cybercriminals 


  1. 1.
    Gupta, B.B., Tewari, A., Jain, A.K., Agrawal, D.P.: Fighting against phishing attacks: state of the art and future challenges. Neural Comput. Appl. 28(12), 3629–3654 (2017)CrossRefGoogle Scholar
  2. 2.
    KasperskyLab: Kaspersky lab: spam and phishing report 2019 (2019). Accessed 10 June 2019
  3. 3.
    Chiluwa, I.: Congratulations, €1,000,000: analyzing the discourse structures of scam emails. In: The Palgrave Handbook of Deceptive Communication, pp. 897–912. Palgrave Macmillan, Cham (2019)Google Scholar
  4. 4.
    Wang, Y., Lin, C., Li, Q.L.: Performance analysis of email systems under three types of attacks. Perform. Eval. 67(6), 485–499 (2010)CrossRefGoogle Scholar
  5. 5.
    Pawar, M.V., Anuradha, J.: Network security and types of attacks in network. Proc. Comput. Sci. 48, 503–506 (2015)CrossRefGoogle Scholar
  6. 6.
    Hamid, I.R.A., Abawajy, J.: Hybrid feature selection for phishing email detection. In: International Conference on Algorithms and Architectures for Parallel Processing, pp. 266–275. Springer, Heidelberg, October 2011Google Scholar
  7. 7.
    Al-Hamar, M., Dawson, R., Al-Hamar, J.: The need for education on phishing: a survey comparison of the UK and Qatar. Campus-Wide Inf. Syst. 28(5), 308–319 (2011)CrossRefGoogle Scholar
  8. 8.
    Alsharnouby, M., Alaca, F., Chiasson, S.: Why phishing still works: user strategies for combating phishing attacks. Int. J. Hum.-Comput. Stud. 82, 69–82 (2015)CrossRefGoogle Scholar
  9. 9.
    Gupta, B.B., Arachchilage, N.A., Psannis, K.E.: Defending against phishing attacks: taxonomy of methods, current issues and future directions. Telecommun. Syst. 67(2), 247–267 (2018)CrossRefGoogle Scholar
  10. 10.
    Gupta, B.B., Tewari, A., Jain, A.K., Agrawal, D.P.: Fighting against phishing attacks: state of the art and future challenges. Neural Comput. Appl. 28(12), 3629–3654 (2017)CrossRefGoogle Scholar
  11. 11.
    Brewer, R.: Ransomware attacks: detection, prevention and cure. Netw. Secur. 2016(9), 5–9 (2016)CrossRefGoogle Scholar
  12. 12.
    Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘weakest link’—a human/computer interaction approach to usable and effective security. BT Technol. J. 19(3), 122–131 (2001)CrossRefGoogle Scholar
  13. 13.
    Tally, G., Thomas, R., Van Vleck, T.: Anti-phishing: best practices for institutions and consumers. McAfee Research, March 2004Google Scholar
  14. 14.
    Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E.: Protecting people from phishing: the design and evaluation of an embedded training email system. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 905–914. ACM, April 2007Google Scholar
  15. 15.
    Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What. hack: engaging anti-phishing training through a role-playing phishing simulation game. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, p. 108. ACM (2019)Google Scholar
  16. 16.
    Werner, L.A., Courte, J.: Analysis of an anti-phishing lab activity. Inf. Syst. Educ. J. 8(11), n11 (2010)Google Scholar
  17. 17.
    Hamid, I.R.A., Abawajy, J.H.: An approach for profiling phishing activities. Comput. Secur. 45, 27–41 (2014)CrossRefGoogle Scholar
  18. 18.
    Yearwood, J., Mammadov, M., Webb, D.: Profiling phishing activity based on hyperlinks extracted from phishing emails. Soc. Netw. Anal. Min. 2(1), 5–16 (2012)CrossRefGoogle Scholar
  19. 19.
    Basnet, R., Mukkamala, S., Sung, A.H.: Detection of phishing attacks: a machine learning approach. In: Soft Computing Applications in Industry, pp. 373–383. Springer, Heidelberg (2008)Google Scholar
  20. 20.
    Jain, A.K., Gupta, B.B.: A machine learning based approach for phishing detection using hyperlinks information. J. Intell. Hum. Comput. 10(5), 2015–2028 (2019)CrossRefGoogle Scholar
  21. 21.
    Fang, Y., Zhang, C., Huang, C., Liu, L., Yang, Y.: Phishing email detection using improved RCNN model with multilevel vectors and attention mechanism. IEEE Access 7, 56329–56340 (2019)CrossRefGoogle Scholar
  22. 22.
    Park, G., Rayz, J.: Ontological detection of phishing emails. In: 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 2858–2863. IEEE (2018)Google Scholar
  23. 23.
    Chandrasekaran, M., Narayanan, K., Upadhyaya, S.: Phishing email detection based on structural properties. In: NYS Cyber Security Conference, vol. 3 (2006)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Information Systems, College of Computer Sciences and Information SystemsNajran UniversityNajranKingdom of Saudi Arabia

Personalised recommendations