Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing Websites

Phishing represents a cybersecurity attack strategy commonly employed by cybercriminals to unlawfully acquire sensitive user information, including passwords, account details, credit card data, and other personally identifiable information. Phishing websites bear a striking resemblance to their legitimate counterparts, thus rendering them inconspicuous and challenging for an unsuspecting user to identify. Criminals and phishing experts frequently leverage cloaking mechanisms to evade detection software and web crawlers. This paper provides a comprehensive systematic review of primary studies conducted between 2012 and 2022 on using cloaking techniques to evade detection by anti-phishing entities based on data extracted from Scopus, Web of Science, and Google Scholar. Different server-side and client-side detection strategies, phishing techniques and cloaking mechanisms, toolkits, blacklists, phishing or anti-phishing ecosystems, and other such concepts have been taken as thematic outputs of the study and have been discussed in detail. This systematic literature review (SLR) is one of the first reviews to be conducted for analyzing the current cloaking or evasion techniques used by phishers, and the limitations of the study have been outlined as well.