ENHANCING STRATEGIES TO COMBAT PHISHING ATTACKS
Date
2025-10
Publisher
Gretsa University
Abstract
Phishing attacks have evolved from simple email scams to sophisticated multi-vector
campaigns exploiting technological vulnerabilities and human psychology, with the digital
transformation accelerated by the COVID-19 pandemic expanding the attack surface as
cybercriminals generated approximately one million phishing reports between November
2023 and January 2024. Contemporary threats include spear phishing, whaling, smishing, and
vishing, enhanced by artificial intelligence that enables automated personalized content
creation, with consequences extending beyond financial losses to include data breaches,
regulatory violations, and reputational damage, pushing average annual incident costs 10%
higher to $4.88 million. Despite machine learning models achieving up to 99.98% accuracy
in controlled environments, current anti-phishing solutions face critical weaknesses in
real-world applications, including performance degradation over time due to evolving attack
techniques, lack of integration within broader security ecosystems, substantial computing
requirements creating implementation barriers, and persistent human vulnerabilities, with
analysis of 53 academic and 16 grey studies identifying 20 distinct challenges in phishing
education and revealing that even well-trained individuals fall victim during stress or
distraction. Current prevention approaches remain fragmented with limited consensus on
optimal strategies for combining technological, educational, and organizational elements into
cohesive frameworks, creating a significant research gap in comprehensive, integrated
approaches for complex organizational environments. This research aims to critically
evaluate the evolving phishing landscape and examine the combined effectiveness of
technological measures, user education, organizational policies, and regulatory frameworks in
mitigating threats, with specific objectives including identifying prevalent attack types and
their evolution, assessing current technological solutions' effectiveness, gauging user
education impact on vulnerability reduction, and evaluating organizational and regulatory
influences on prevention. The study employs a mixed-methods approach combining
systematic literature review, quantitative analysis of detection system performance metrics,
and qualitative assessment of organizational implementation challenges, utilizing
comparative effectiveness analysis, thematic analysis of implementation barriers, and
framework synthesis methodology to develop an adaptive, integrated prevention framework
addressing sophisticated threats while remaining practical for diverse organizational contexts.
Description
Research project
Keywords
SOCIAL SCIENCES::Statistics, computer and systems science::Informatics, computer and systems science