Impact of detection accuracy rates on phishing email spikes: Towards more effective mitigation

Abstract

Phishing is a common cyber-attack technique where a criminal pretending to be a trusted entity sends a message either soliciting assistance, or requesting bank or credit card details with promises that usually turn out to be a hoax. This may include malicious links intended to steal such sensitive, personal information. Research continues to emerge exploring varied approaches to address the ever-increasing phishing attacks to mitigate their damaging operational, economic, and reputational impacts. In reviewing prior works and their effectiveness in addressing phishing problems, no work has been found that explored the relationship between the increasing detection accuracy rates from research solutions and the ever-increasing cases of phishing attacks. Using a systematic literature review of 76 relevant literature spanning 2007–2023 to understand the effectiveness of existing approaches and potential areas of improvement, this study bridges the existing gap and contributes novel knowledge by highlighting the reasons why existing phishing detection approaches despite high detection accuracy rates, scarcely had a direct influence on a reduction in phishing e-mail attacks. Current methods seem driven by third-party post-incident datasets, making them reactive instead of proactive, and are typically proof-of-concepts that are immature for use in practice. Recommendations to address these issues can help researchers develop progressive methods that can be more effective in mitigating phishing trends and countering their negative impacts.