Phishing Detection Techniques: A Systematic Review

Abstract

Phishing attacks continue to function as the most widespread and destructive cyber threats which exist throughout today\'s digital environment. Cybercriminals use phishing attacks to trick users into disclosing their confidential information which includes their login details and financial information and their personal identification data. The advancement of phishing techniques through AI-generated content and deepfake technology and social engineering via multiple channels has rendered traditional detection methods which rely on blacklists and heuristics increasingly ineffective. This paper presents a systematic review of phishing detection techniques which authorities developed between 2015 and 2025. The study found that transformer-based models BERT and RoBERTa achieved a detection accuracy of 99 percent which is significantly better than classical machine learning baselines. The study identified several critical open challenges which include adversarial evasion and zero-day attacks and dataset limitations and multilingual coverage. The study identified specific directions for future research.

Introduction

Phishing is described as one of the most widespread and dangerous cyber threats, where attackers impersonate trusted entities like banks, government agencies, and online platforms to steal sensitive user information. Its impact is significant and growing, with organizations such as the Anti-Phishing Working Group reporting over 1.3 million phishing attacks in early 2024, and studies by companies like Verizon highlighting phishing as the leading cause of data breaches globally. The rise of AI-generated content, deepfakes, and multi-channel attacks (email, SMS, voice) has made phishing increasingly sophisticated and harder to detect.

The paper categorizes phishing attacks into multiple types, including email phishing, spear phishing, whaling, smishing/vishing, pharming, and browser-in-the-browser attacks. It explains the full attack lifecycle from reconnaissance and fake domain creation to victim deception and data theft, emphasizing the large financial and security impact of such attacks.

For detection, several approaches are reviewed. Traditional blacklist systems such as those maintained by PhishTank and OpenPhish are fast but ineffective against new (zero-day) attacks. Heuristic methods use rule-based indicators like URL structure and domain age but suffer from false positives. Visual similarity methods detect fake websites by comparing layouts and branding but are computationally expensive.

Machine learning approaches like Random Forest, SVM, and boosting models provide strong performance (97–99% accuracy) by learning from engineered features such as URL and DNS properties. Deep learning models such as CNNs, LSTMs, and transformer-based architectures like BERT and RoBERTa achieve even higher accuracy (up to ~99%), but require large datasets and high computational power. Emerging methods include large language models, GAN-based adversarial training, blockchain-based blacklists, and explainable AI techniques like SHAP.

The review also highlights widely used datasets such as those from the UCI Machine Learning Repository, PhishTank, and OpenPhish, along with evaluation metrics like accuracy, precision, recall, F1-score, and false positive rate.

A comparative analysis shows trade-offs between speed, accuracy, cost, and interpretability: blacklist systems are fast but limited, classical ML offers a practical balance, and deep learning provides the highest accuracy but is resource-intensive and less interpretable. Hybrid layered systems are recommended for real-world deployment.

Finally, key challenges include adversarial evasion techniques, zero-day phishing attacks using URL shorteners and obfuscation, AI-generated multilingual phishing content, and the need for explainable, trustworthy models in enterprise environments. The study concludes that future systems must combine robustness, real-time adaptability, multilingual capability, and explainability to effectively combat evolving phishing threats.

Conclusion

The paper conducted an extensive systematic review of all phishing detection methods which include rule-based systems and heuristic systems and visual systems and machine learning systems and deep learning systems. The key findings are threefold. First, organizations need to implement hybrid detection systems which combine blacklist speed with machine learning and deep learning capabilities because no single detection system can handle all practical situations. Second, transformer-based deep learning models which include BERT and RoBERTa have achieved state-of-the-art accuracy because they reach accuracy levels between 98 and 99 percent on benchmark phishing email datasets. Third, the most critical open challenges are adversarial evasion, the rapid adoption of generative AI by phishing actors, multilingual dataset scarcity, and the absence of explainability as a first-class system requirement. The research objectives from Section 1, which include five research goals, have been accomplished through multiple research activities. The research team completed three tasks which involved surveying major detection methods and assessing their respective strengths and weaknesses and the study performed a detailed comparison of machine learning and deep learning results and the research team identified essential datasets and evaluation metrics and they specified ongoing research areas that need exploration. The security research community needs to focus on creating five types of detection systems because generative AI technology enables criminals to conduct advanced phishing attacks which require protective measures for our digital world.

References

[1] APWG. Phishing Activity Trends Report, Quarterly 2024. Available: apwg.org [2] Verizon. Data Breach Investigations Report, 2023. Available: verizon.com/business/resources/reports/dbir/ [3] Z. Alkhalil et al., \"Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,\" Front. Comput. Sci., vol. 3, p. 563060, 2021. [4] A. Sharma & N. Gupta, \"A Comprehensive Survey on ML-Based Phishing Detection,\" ACM Comput. Surv., vol. 56, no. 4, pp. 1–28, 2024. [5] Journal of Applied Security Research, 2025. \"A Survey on Phishing Attack Taxonomy, Detection Techniques, Datasets, and Security Measures.\" tandfonline.com [6] Springer AI Review, Dec 2024. \"Staying Ahead of Phishers: A Review of Recent Advances in Phishing Detection.\" link.springer.com [7] Journal of King Saud University – Computer and Information Sciences, 2023. \"A Systematic Literature Review on Phishing Website Detection Techniques.\" sciencedirect.com [8] Frontiers in AI, 2025. \"AI in Phishing Detection: A Bibliometric Review.\" frontiersin.org [9] Applied Sciences, 2025. \"In-Depth Analysis of Phishing Email Detection: Evaluating ML and DL Models Across Multiple Datasets.\" mdpi.com [10] M. A. Tamal et al., \"Unveiling Suspicious Phishing Attacks,\" Front. Comput. Sci., vol. 6, p. 1428013, 2024. [11] I. Haq et al., \"Lightweight 1D-CNN Model for URL-Based Phishing Detection,\" IEEE Access, vol. 12, pp. 102394–102406, 2024. [12] S. Kumar et al., \"Transformer-Based Approaches for Email Phishing Detection,\" IEEE Access, vol. 12, pp. 109823–109836, 2024. [13] arXiv, 2025. \"Evolution of Phishing Detection with AI: A Comparative Review.\" arXiv:2507.07406 [14] Nature Scientific Reports, 2025. \"Explainable Phishing Website Detection for Secure and Sustainable Cyber Infrastructure.\" [15] A. Basit et al., \"A ML Approach for Phishing Detection Using URL Features,\" Comput. Secur., vol. 132, pp. 102948–102957, 2023.

Copyright

Copyright © 2026 Poorvi ., Yogita Thareja. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.