Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing Websites
Phishing represents a cybersecurity attack strategy commonly employed by cybercriminals to unlawfully acquire sensitive user information, including passwords, account details, credit card data, and other personally identifiable information. Phishing websites bear a striking resemblance to their legi...
Gespeichert in:
| Veröffentlicht in: | IEEE access 2023-01, Vol.11, p.1-1 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 1 |
|---|---|
| container_issue | |
| container_start_page | 1 |
| container_title | IEEE access |
| container_volume | 11 |
| creator | Li, Wenhao Manickam, Selvakumar Laghari, Shams Ul Arfeen Chong, Yung-Wey |
| description | Phishing represents a cybersecurity attack strategy commonly employed by cybercriminals to unlawfully acquire sensitive user information, including passwords, account details, credit card data, and other personally identifiable information. Phishing websites bear a striking resemblance to their legitimate counterparts, thus rendering them inconspicuous and challenging for an unsuspecting user to identify. Criminals and phishing experts frequently leverage cloaking mechanisms to evade detection software and web crawlers. This paper provides a comprehensive systematic review of primary studies conducted between 2012 and 2022 on using cloaking techniques to evade detection by anti-phishing entities based on data extracted from Scopus, Web of Science, and Google Scholar. Different server-side and client-side detection strategies, phishing techniques and cloaking mechanisms, toolkits, blacklists, phishing or anti-phishing ecosystems, and other such concepts have been taken as thematic outputs of the study and have been discussed in detail. This systematic literature review (SLR) is one of the first reviews to be conducted for analyzing the current cloaking or evasion techniques used by phishers, and the limitations of the study have been outlined as well. |
| doi_str_mv | 10.1109/ACCESS.2023.3293063 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1109_ACCESS_2023_3293063</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10175532</ieee_id><doaj_id>oai_doaj_org_article_84042c4ae23d421fae93eafe7b414d1c</doaj_id><sourcerecordid>2840389667</sourcerecordid><originalsourceid>FETCH-LOGICAL-c359t-1730058ccce8509876884adcb118205e15d2eda3bb25d8a0f7e037661f2223063</originalsourceid><addsrcrecordid>eNpNUU1Lw0AQDaJgqf0Feljw3Lof2WTjrYSqhYJiW8TTstlMmq1ttu6mlf57E1Okc5nhMe_NPF4Q3BI8IgQnD-M0ncznI4opGzGaMByxi6BHSZQMGWfR5dl8HQy8X-OmRAPxuBd8LittD-BMtUJ1CSjdWPX1iMZofvQ1bFVtNHqHg4EfZAu0AF1W5nsPHi095Ki2KLWVBrVBb6XxZavyAZk3Nfib4KpQGw-DU-8Hy6fJIn0Zzl6fp-l4NtSMJ_WQxAxjLrTWIDhORBwJEapcZ4QIijkQnlPIFcsyynOhcBEDZnEUkYJS2nrtB9NON7dqLXfObJU7SquM_AOsW0nlGhsbkCLEIdWhAsrykJJCQcJAFRBnIQlzohut-05r52zrspZru3dV876kDZmJJIriZot1W9pZ7x0U_1cJlm0ksotEtpHIUyQN665jGQA4Y5CYc0bZL9xJhio</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2840389667</pqid></control><display><type>article</type><title>Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing Websites</title><source>Directory of Open Access Journals</source><source>IEEE Xplore Open Access Journals</source><source>EZB Electronic Journals Library</source><creator>Li, Wenhao ; Manickam, Selvakumar ; Laghari, Shams Ul Arfeen ; Chong, Yung-Wey</creator><creatorcontrib>Li, Wenhao ; Manickam, Selvakumar ; Laghari, Shams Ul Arfeen ; Chong, Yung-Wey</creatorcontrib><description>Phishing represents a cybersecurity attack strategy commonly employed by cybercriminals to unlawfully acquire sensitive user information, including passwords, account details, credit card data, and other personally identifiable information. Phishing websites bear a striking resemblance to their legitimate counterparts, thus rendering them inconspicuous and challenging for an unsuspecting user to identify. Criminals and phishing experts frequently leverage cloaking mechanisms to evade detection software and web crawlers. This paper provides a comprehensive systematic review of primary studies conducted between 2012 and 2022 on using cloaking techniques to evade detection by anti-phishing entities based on data extracted from Scopus, Web of Science, and Google Scholar. Different server-side and client-side detection strategies, phishing techniques and cloaking mechanisms, toolkits, blacklists, phishing or anti-phishing ecosystems, and other such concepts have been taken as thematic outputs of the study and have been discussed in detail. This systematic literature review (SLR) is one of the first reviews to be conducted for analyzing the current cloaking or evasion techniques used by phishers, and the limitations of the study have been outlined as well.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2023.3293063</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Anti-Phishing Ecosystem ; Blocklists ; Cloaking Techniques ; Companies ; Cybersecurity ; Ecosystems ; Evasion Techniques ; History ; Literature reviews ; Passwords ; Phishing ; Phishing Blacklist ; Phishing Toolkit ; Systematic review ; Websites</subject><ispartof>IEEE access, 2023-01, Vol.11, p.1-1</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c359t-1730058ccce8509876884adcb118205e15d2eda3bb25d8a0f7e037661f2223063</cites><orcidid>0000-0003-1750-7441 ; 0000-0003-4378-1954 ; 0000-0002-6036-395X ; 0009-0007-4342-6676</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10175532$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,776,780,860,2096,27610,27901,27902,54908</link.rule.ids></links><search><creatorcontrib>Li, Wenhao</creatorcontrib><creatorcontrib>Manickam, Selvakumar</creatorcontrib><creatorcontrib>Laghari, Shams Ul Arfeen</creatorcontrib><creatorcontrib>Chong, Yung-Wey</creatorcontrib><title>Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing Websites</title><title>IEEE access</title><addtitle>Access</addtitle><description>Phishing represents a cybersecurity attack strategy commonly employed by cybercriminals to unlawfully acquire sensitive user information, including passwords, account details, credit card data, and other personally identifiable information. Phishing websites bear a striking resemblance to their legitimate counterparts, thus rendering them inconspicuous and challenging for an unsuspecting user to identify. Criminals and phishing experts frequently leverage cloaking mechanisms to evade detection software and web crawlers. This paper provides a comprehensive systematic review of primary studies conducted between 2012 and 2022 on using cloaking techniques to evade detection by anti-phishing entities based on data extracted from Scopus, Web of Science, and Google Scholar. Different server-side and client-side detection strategies, phishing techniques and cloaking mechanisms, toolkits, blacklists, phishing or anti-phishing ecosystems, and other such concepts have been taken as thematic outputs of the study and have been discussed in detail. This systematic literature review (SLR) is one of the first reviews to be conducted for analyzing the current cloaking or evasion techniques used by phishers, and the limitations of the study have been outlined as well.</description><subject>Anti-Phishing Ecosystem</subject><subject>Blocklists</subject><subject>Cloaking Techniques</subject><subject>Companies</subject><subject>Cybersecurity</subject><subject>Ecosystems</subject><subject>Evasion Techniques</subject><subject>History</subject><subject>Literature reviews</subject><subject>Passwords</subject><subject>Phishing</subject><subject>Phishing Blacklist</subject><subject>Phishing Toolkit</subject><subject>Systematic review</subject><subject>Websites</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNUU1Lw0AQDaJgqf0Feljw3Lof2WTjrYSqhYJiW8TTstlMmq1ttu6mlf57E1Okc5nhMe_NPF4Q3BI8IgQnD-M0ncznI4opGzGaMByxi6BHSZQMGWfR5dl8HQy8X-OmRAPxuBd8LittD-BMtUJ1CSjdWPX1iMZofvQ1bFVtNHqHg4EfZAu0AF1W5nsPHi095Ki2KLWVBrVBb6XxZavyAZk3Nfib4KpQGw-DU-8Hy6fJIn0Zzl6fp-l4NtSMJ_WQxAxjLrTWIDhORBwJEapcZ4QIijkQnlPIFcsyynOhcBEDZnEUkYJS2nrtB9NON7dqLXfObJU7SquM_AOsW0nlGhsbkCLEIdWhAsrykJJCQcJAFRBnIQlzohut-05r52zrspZru3dV876kDZmJJIriZot1W9pZ7x0U_1cJlm0ksotEtpHIUyQN665jGQA4Y5CYc0bZL9xJhio</recordid><startdate>20230101</startdate><enddate>20230101</enddate><creator>Li, Wenhao</creator><creator>Manickam, Selvakumar</creator><creator>Laghari, Shams Ul Arfeen</creator><creator>Chong, Yung-Wey</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0003-1750-7441</orcidid><orcidid>https://orcid.org/0000-0003-4378-1954</orcidid><orcidid>https://orcid.org/0000-0002-6036-395X</orcidid><orcidid>https://orcid.org/0009-0007-4342-6676</orcidid></search><sort><creationdate>20230101</creationdate><title>Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing Websites</title><author>Li, Wenhao ; Manickam, Selvakumar ; Laghari, Shams Ul Arfeen ; Chong, Yung-Wey</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c359t-1730058ccce8509876884adcb118205e15d2eda3bb25d8a0f7e037661f2223063</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Anti-Phishing Ecosystem</topic><topic>Blocklists</topic><topic>Cloaking Techniques</topic><topic>Companies</topic><topic>Cybersecurity</topic><topic>Ecosystems</topic><topic>Evasion Techniques</topic><topic>History</topic><topic>Literature reviews</topic><topic>Passwords</topic><topic>Phishing</topic><topic>Phishing Blacklist</topic><topic>Phishing Toolkit</topic><topic>Systematic review</topic><topic>Websites</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Li, Wenhao</creatorcontrib><creatorcontrib>Manickam, Selvakumar</creatorcontrib><creatorcontrib>Laghari, Shams Ul Arfeen</creatorcontrib><creatorcontrib>Chong, Yung-Wey</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Xplore Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Li, Wenhao</au><au>Manickam, Selvakumar</au><au>Laghari, Shams Ul Arfeen</au><au>Chong, Yung-Wey</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing Websites</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2023-01-01</date><risdate>2023</risdate><volume>11</volume><spage>1</spage><epage>1</epage><pages>1-1</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Phishing represents a cybersecurity attack strategy commonly employed by cybercriminals to unlawfully acquire sensitive user information, including passwords, account details, credit card data, and other personally identifiable information. Phishing websites bear a striking resemblance to their legitimate counterparts, thus rendering them inconspicuous and challenging for an unsuspecting user to identify. Criminals and phishing experts frequently leverage cloaking mechanisms to evade detection software and web crawlers. This paper provides a comprehensive systematic review of primary studies conducted between 2012 and 2022 on using cloaking techniques to evade detection by anti-phishing entities based on data extracted from Scopus, Web of Science, and Google Scholar. Different server-side and client-side detection strategies, phishing techniques and cloaking mechanisms, toolkits, blacklists, phishing or anti-phishing ecosystems, and other such concepts have been taken as thematic outputs of the study and have been discussed in detail. This systematic literature review (SLR) is one of the first reviews to be conducted for analyzing the current cloaking or evasion techniques used by phishers, and the limitations of the study have been outlined as well.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2023.3293063</doi><tpages>1</tpages><orcidid>https://orcid.org/0000-0003-1750-7441</orcidid><orcidid>https://orcid.org/0000-0003-4378-1954</orcidid><orcidid>https://orcid.org/0000-0002-6036-395X</orcidid><orcidid>https://orcid.org/0009-0007-4342-6676</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 2169-3536 |
| ispartof | IEEE access, 2023-01, Vol.11, p.1-1 |
| issn | 2169-3536 2169-3536 |
| language | eng |
| recordid | cdi_crossref_primary_10_1109_ACCESS_2023_3293063 |
| source | Directory of Open Access Journals; IEEE Xplore Open Access Journals; EZB Electronic Journals Library |
| subjects | Anti-Phishing Ecosystem Blocklists Cloaking Techniques Companies Cybersecurity Ecosystems Evasion Techniques History Literature reviews Passwords Phishing Phishing Blacklist Phishing Toolkit Systematic review Websites |
| title | Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing Websites |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-04T17%3A55%3A29IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Uncovering%20the%20Cloak:%20A%20Systematic%20Review%20of%20Techniques%20Used%20to%20Conceal%20Phishing%20Websites&rft.jtitle=IEEE%20access&rft.au=Li,%20Wenhao&rft.date=2023-01-01&rft.volume=11&rft.spage=1&rft.epage=1&rft.pages=1-1&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2023.3293063&rft_dat=%3Cproquest_cross%3E2840389667%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2840389667&rft_id=info:pmid/&rft_ieee_id=10175532&rft_doaj_id=oai_doaj_org_article_84042c4ae23d421fae93eafe7b414d1c&rfr_iscdi=true |