Exploiting Legitimate Domains for Phishing: A Review
摘要
Phishing exploits human vulnerabilities to compromise sensitive data and infiltrate networks. One particularly deceptive tactic involves phishing sites hosted on compromised domains (PSHCD). They are difficult to detect because they capitalize on the credibility of legitimate websites to deceive users. Despite their prevalence, limited attention has been given to this genre. This review addresses that gap by focusing on the existing detection techniques specifically targeting PSHCD. It consolidates and evaluates various proposed techniques, identifies significant research gaps, highlights the ongoing challenges and suggests future directions. While searching for the articles, manuscripts were first filtered by abstract screening, and only those focusing on software-based phishing detection, targeting PSHCD were shortlisted. Finally, 8 articles published in the timeframe of 2014–2023 in reputable online research libraries are reviewed. This work serves as a foundation for future research and emphasizes the necessity for advanced machine learning models, comprehensive datasets, and innovative technologies.