Mobile phishing attacks and defence mechanisms: State of art and open research challenges

Phishing is an online identity theft in which an attacker tries to steal user's personal information, resulting in financial loss of individuals as well as organisations. Nowadays, mobile devices especially smartphones are increasingly being used by the users due to a wide range of functionalities they provide. These devices are very compact and provide functionalities similar to those of desktop computers due to which attackers are now targeting the mobile device users. However, detection of mobile phishing attack is a different problem from desktop phishing due to the dissimilar architectures of both. Moreover, identification of mobile phishing attack with high accuracy is an important research issue as not much amount of work has been done in this field. Many anti-phishing solutions for mobile devices have been proposed till date but still there is a lack of a full fledge solution. The primary objective of this paper is to do a detailed analysis on mobile phishing - attacking techniques and defence mechanisms. We present this paper in four folds. First, we discuss in detail about mobile phishing attack, its history, motivation of attackers, and security concerns of smartphones. Second, we analyse various mobile phishing attacks and provide a taxonomy of the same. Third, we provide taxonomy of numerous recently proposed solutions that detect and defend users from mobile phishing attacks. Fourth, we discuss different issues and challenges faced by researchers while dealing with mobile phishing attacks. In addition, we have also discussed datasets and evaluation matrices used by researchers for evaluating their approaches.