ENHANCING STRATEGIES TO COMBAT PHISHING ATTACKS
| dc.contributor.author | NJUGUNA, SAMUEL NJOROGE | |
| dc.date.accessioned | 2026-04-01T12:24:34Z | |
| dc.date.available | 2026-04-01T12:24:34Z | |
| dc.date.issued | 2025-10 | |
| dc.description | Research project | |
| dc.description.abstract | Phishing attacks have evolved from simple email scams to sophisticated multi-vector campaigns exploiting technological vulnerabilities and human psychology, with the digital transformation accelerated by the COVID-19 pandemic expanding the attack surface as cybercriminals generated approximately one million phishing reports between November 2023 and January 2024. Contemporary threats include spear phishing, whaling, smishing, and vishing, enhanced by artificial intelligence that enables automated personalized content creation, with consequences extending beyond financial losses to include data breaches, regulatory violations, and reputational damage, pushing average annual incident costs 10% higher to $4.88 million. Despite machine learning models achieving up to 99.98% accuracy in controlled environments, current anti-phishing solutions face critical weaknesses in real world applications including performance degradation over time due to evolving attack techniques, lack of integration within broader security ecosystems, substantial computing requirements creating implementation barriers, and persistent human vulnerabilities, with analysis of 53 academic and 16 grey studies identifying 20 distinct challenges in phishing education and revealing that even well-trained individuals fall victim during stress or distraction. Current prevention approaches remain fragmented with limited consensus on optimal strategies for combining technological, educational, and organizational elements into cohesive frameworks, creating a significant research gap in comprehensive, integrated approaches for complex organizational environments. This research aims to critically evaluate the evolving phishing landscape and examine the combined effectiveness of technological measures, user education, organizational policies, and regulatory frameworks in mitigating threats, with specific objectives including identifying prevalent attack types and their evolution, assessing current technological solutions' effectiveness, gauging user education impact on vulnerability reduction, and evaluating organizational and regulatory influences on prevention. The study employs a mixed-methods approach combining systematic literature review, quantitative analysis of detection system performance metrics, and qualitative assessment of organizational implementation challenges, utilizing comparative effectiveness analysis, thematic analysis of implementation barriers, and framework synthesis methodology to develop an adaptive, integrated prevention framework addressing sophisticated threats while remaining practical for diverse organizational contexts. | |
| dc.description.sponsorship | Gretsa university | |
| dc.identifier.uri | https://ir.gretsauniversity.ac.ke/handle/123456789/314 | |
| dc.publisher | Gretsa University | |
| dc.subject | SOCIAL SCIENCES::Statistics, computer and systems science::Informatics, computer and systems science | |
| dc.title | ENHANCING STRATEGIES TO COMBAT PHISHING ATTACKS |