Phishing exploits human vulnerabilities to compromise sensitive data and infiltrate networks. One particularly deceptive tactic involves phishing sites hosted on compromised domains (PSHCD). They are difficult to detect because they capitalize on the credibility of legitimate websites to deceive users. Despite their prevalence, limited attention has been given to this genre. This review addresses that gap by focusing on the existing detection techniques specifically targeting PSHCD. It consolidates and evaluates various proposed techniques, identifies significant research gaps, highlights the ongoing challenges and suggests future directions. While searching for the articles, manuscripts were first filtered by abstract screening, and only those focusing on software-based phishing detection, targeting PSHCD were shortlisted. Finally, 8 articles published in the timeframe of 2014–2023 in reputable online research libraries are reviewed. This work serves as a foundation for future research and emphasizes the necessity for advanced machine learning models, comprehensive datasets, and innovative technologies.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Exploiting Legitimate Domains for Phishing: A Review

  • Richa Goenka,
  • Pratiksha Panchbhai,
  • Meenu Chawla,
  • Namita Tiwari

摘要

Phishing exploits human vulnerabilities to compromise sensitive data and infiltrate networks. One particularly deceptive tactic involves phishing sites hosted on compromised domains (PSHCD). They are difficult to detect because they capitalize on the credibility of legitimate websites to deceive users. Despite their prevalence, limited attention has been given to this genre. This review addresses that gap by focusing on the existing detection techniques specifically targeting PSHCD. It consolidates and evaluates various proposed techniques, identifies significant research gaps, highlights the ongoing challenges and suggests future directions. While searching for the articles, manuscripts were first filtered by abstract screening, and only those focusing on software-based phishing detection, targeting PSHCD were shortlisted. Finally, 8 articles published in the timeframe of 2014–2023 in reputable online research libraries are reviewed. This work serves as a foundation for future research and emphasizes the necessity for advanced machine learning models, comprehensive datasets, and innovative technologies.