Publication:
Hybrid Model of Phishing Email Detection: A Combination of Technical and Non-Technical Anti-Phishing Approaches

Abstract

Phishing is a cybercrime in which attackers try to fraudulently retrieve users' credentials by mimicking trusted communication channels. The problem with phishing is that attackers are still able to bypass automated anti-phishing systems through the human factor. It is therefore not enough to only add new technologies; aware users might play the key role in stopping phishing attacks. Accordingly, the phishing problem requires defense solutions that are applied at both the technical (automated systems) and non-technical (human) levels. Phishing attacks, in general, are initiated through simulated emails that falsely claim to be sent from trusted parties. The work in this paper is dedicated to fighting phishing threats at the email level in order to kill this type of attack in the cradle. Users are therefore protected at a stage prior to browsing phishing web pages. This paper proposes an anti-phishing model that is designed based on the general taxonomy of the technical and non-technical aspects of phishing detection approaches. In addition, this paper presents the general structure of the proposed anti-phishing system, which was developed based on the model proposed here. The novelty of this model is its combination of automated procedures with a users' anti-phishing training method to detect phishing emails.

Keywords

immunity approach, phishing email, technical solutions, user awareness, URL-based classification feature
