Abstract
This study meticulously examines phishing attacks targeting Nigerian internet banking users. It delves into prevailing trends, methodologies, and the effectiveness of existing countermeasures. It also proposes robust, tailored security measures in the form of a conceptual model. Similarly, by analyzing the latest tools and techniques, the study emphasizes the need for adaptive and continuously learning anti-phishing systems. The outcomes aim to empower stakeholders in the Nigerian banking sector, including policymakers, financial institutions, and users, to combat the complex and evolving threats posed by phishing attacks.
References
Frontiers, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy”, Dec. 2021, [Online]. Available: https://www.frontiersin.org/articles/10.3389/fcomp.2021.563060/full
CNBC, “Phishing attacks are increasing and getting more sophisticated. Here's how to avoid them.”, Jan. 2023, [Online]. Available: https://www.cnbc.com/2023/01/07/phishing-attacks-are-increasing-and-getting-more-sophisticated.html
D. D. Dilrukshi, “Phishing Detection and Prevention Approaches: A Comprehensive Review”, IEEE Access, vol. 9, pp. 58465–58487, Dec. 2021.
M. D. Olarik and T. O. Olatayo, “An Empirical Study on Phishing Attacks and Countermeasures”, International Journal of Scientific Research in Computer Science, Engineering and Information Technology, vol. 4, no. 1, pp. 1–11, Dec. 2019.
CBN, “Annual Report and Statement of Accounts for the Year Ended 31st December 2022”, Dec. 2022.
Guardian Nigeria. “8.7% people in Nigeria, SSA suffer phishing in 2022.” Mar. 2022, [Online]. Available: https://guardian.ng/business-services/8-7-people-in-nigeria-ssa-suffer-phishing-in-2022/
A. Ashiru, “Identifying Phishing As A form of Cybercrime in Nigeria”, African Journal of University of Lagos, vol. 5, no. 1, pp. 178–189, Dec. 2023.
O. Oyebode, “Cybersecurity in Nigeria: A Review of the Legal Framework”, Journal of Cybersecurity and Privacy, vol. 1, no. 1, pp. 1–12, Dec. 2021.
A. N. Okafor, “Current Trends and Countermeasures of Phishing Attacks in Nigerian Banking Systems”, Journal of Cyber Security, vol. 3, no. 2, pp. 112–128, Dec. 2021.
B. Naqvi, K. Perova, A. Farooq, I. Makhdoom, S. Oyedejiand J. Porras, “Mitigation strategies against the phishing attacks: A systematic literature review”, Computers & Security, vol. 132, p. 103387, Dec. 2023, doi: 10.1016/j.cose.2023.103387.
A. Basit, M. Zafar, X. Liu, A. R. Javed, Z. Jalil, and K. Kifayat, “A comprehensive survey of AI-enabled phishing attacks detection techniques,” Telecommunication Systems, vol. 76, no. 1, Oct. 2020, doi: https://doi.org/10.1007/s11235-020-00733-2.
A. A. Orunsolu, A. S. Sodiya, and A. T. Akinwale, “A predictive model for phishing detection,” Journal of King Saud University - Computer and Information Sciences, Dec. 2019, doi: https://doi.org/10.1016/j.jksuci.2019.12.005.
A. O. Balogun et al., “Improving the phishing website detection using empirical analysis of Function Tree and its variants,” Heliyon, vol. 7, no. 7, p. e07437, Jul. 2021, doi: https://doi.org/10.1016/j.heliyon.2021.e07437.
S. H. Ahammad et al., “Phishing URL detection using machine learning methods,” Advances in Engineering Software, vol. 173, p. 103288, Nov. 2022, doi: https://doi.org/10.1016/j.advengsoft.2022.103288.
N. Azeez, S. Misra, I. A. Margaret, L. Fernandez-Sanz, and S. M. Abdulhamid, “Adopting Automated Whitelist Approach for Detecting Phishing Attacks,” Computers & Security, p. 102328, May 2021, doi: https://doi.org/10.1016/j.cose.2021.102328.
G. Harinahalli Lokesh and G. BoreGowda, “Phishing website detection based on effective machine learning approach,” Journal of Cyber Security Technology, pp. 1–14, Aug. 2020, doi: https://doi.org/10.1080/23742917.2020.1813396.
M. Bahaghighat, M. Ghasemi, and F. Ozen, “A high-accuracy phishing website detection method based on machine learning,” Journal of Information Security and Applications, vol. 77, p. 103553, Sep. 2023, doi: https://doi.org/10.1016/j.jisa.2023.103553.
R. Hoheisel, G. van Capelleveen, D. K. Sarmah, and M. Junger, “The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains,” Computers & Security, vol. 128, p. 103158, May 2023, doi: https://doi.org/10.1016/j.cose.2023.103158.
T. O. Ojewumi, G. O. Ogunleye, B. O. Oguntunde, O. Folorunsho, S. G. Fashoto, and N. Ogbu, “Performance evaluation of machine learning tools for detection of phishing attacks on web pages,” Scientific African, vol. 16, p. e01165, Jul. 2022, doi: https://doi.org/10.1016/j.sciaf.2022.e01165.
C. Pham, L. A. T. Nguyen, N. H. Tran, E.-N. Huh, and C. S. Hong, “Phishing-Aware: A Neuro-Fuzzy Approach for Anti-Phishing on Fog Networks,” IEEE Transactions on Network and Service Management, vol. 15, no. 3, pp. 1076–1089, Sep. 2018, doi: https://doi.org/10.1109/tnsm.2018.2831197.
J. Yu, J. Li, Y. Liand Y. Wang, “A comparative study of machine learning techniques for phishing website detection”, Journal of Network and Computer Applications, vol. 235, p. 107238, Dec. 2023.
E. Budu, “Bagging, Boosting, and Stacking in Machine Learning”, Dec. 2023, [Online]. Available: https://www.baeldung.com/cs/bagging-boosting-stacking-ml-ensemble-models
X. Zhang and Z. Zhou, “On the drawbacks of stacking ensemble learning”, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 45, no. 7, pp. 1610–1622, Dec. 2023, [Online]. Available: https://link.springer.com/article/10.1007/s10639-023-11682-z
J. Li, Y. Dengand Z. Tang, “Stacking ensemble learning: A critical review and comparative study”, Journal of Machine Learning Research, vol. 24, no. 224, pp. 1–33, Dec. 2023, [Online]. Available: https://arxiv.org/abs/1407.1537
S. Atawneh and H. Aljehani, “Phishing Email Detection Model Using Deep Learning,” Electronics, vol. 12, no. 20, p. 4261, Jan. 2023, doi: https://doi.org/10.3390/electronics12204261.
K. Joshi, C. Bhatt, K. Shah, D. Parmar, J. M. Corchado, A. Bruno, P. L. Mazzeo, “Machine-Learning Techniques for Predicting Phishing Attacks in Blockchain Networks: A Comparative Study,” Algorithms, vol. 16, no. 8, pp. 366–366, Jul. 2023, doi: https://doi.org/10.3390/a16080366.
O. Ayoub, N. Di Cicco, F. Ezzeddine, F. Bruschetta, R. Rubino, M. Nardecchia, M. Milano, F. Musumeci, C. Passera, M. Tornatore, Explainable artificial intelligence in communication networks: a use case for failure identification in microwave networks, Comput. Netw. 219 (2022) 109466, https://doi.org/10.1016/j.comnet.2022.109466.
Z. C. Lipton, “The Mythos of Model Interpretability,” Queue, vol. 16, no. 3, pp. 31–57, Jun. 2018, doi: https://doi.org/10.1145/3236386.3241340.
M. Benk and A. Ferrario, “Explaining Interpretable Machine Learning: Theory, Methods and Applications,” SSRN Electronic Journal, 2020, Published, doi: 10.2139/ssrn.3748268.
G. Varshney, R. Kumawat, V. Varadharajan, U. Tupakula, and C. Gupta, “Anti-phishing: A comprehensive perspective,” Expert Systems with Applications, vol. 238, p. 122199, Mar. 2024, doi: https://doi.org/10.1016/j.eswa.2023.122199.
P. N. Mangumt and K. A. Datukun, “The ever-changing face of phishing”, World Journal of Innovative Research, vol. 10, no. 1, pp. 34–44, Dec. 2021.
M. Boddy, “Phishing 2.0: the new evolution in cybercrime”, vol. 50, no. 10, pp. 8–13, Dec. 2018.
T. Xu, K. Singh, and P. Rajivan, “Personalized persuasion: Quantifying susceptibility to information exploitation in spear-phishing attacks,” Applied Ergonomics, vol. 108, p. 103908, Apr. 2023, doi: https://doi.org/10.1016/j.apergo.2022.103908.
E. Tessian, “Tessian Spear-Phishing Threat Landscape 2021”, Computer Fraud & Security, vol. 50, no. 10, pp. 8–13, Dec. 2021.
O. A. Fadare and M. A. Zahurin, “Modelling the phishing avoidance behaviour among internet banking users in Nigeria: The initial investigation”, IAEME Journal of Computer Engineering and Technology, vol. 4, no. 1, pp. 1–17, Dec. 2020.
M. S. Kim and J. H. Kim, “Identifying user behavioral patterns in internet banking using deep learning-based sequential modeling”, Journal of Information Processing Systems, vol. 19, no. 2, pp. 309–320, Dec. 2023.
A. O. Ayodeji and E. A. Adeniyi, “Religion and Sustainable Development in Nigeria: Issues and Prospects”, Journal of Sustainable Development in Africa, vol. 19, no. 11, pp. 33–48, Dec. 2017.
A. Valente, M. Holanda, A. M. Mariano, R. Furutaand D. Da Silva, “Analysis of Academic Databases for Literature Review in the Computer Science Education Field”, IEEE Frontiers in Education Conference (FIE), pp. 1–7, Dec. 2022.
G. Burkhardt, F. Boy, D. Doneddu, and N. Hajli, “Privacy Behaviour: A Model for Online Informed Consent,” Journal of Business Ethics, vol. 186, no. 1, pp. 237–255, Jul. 2022, doi: 10.1007/s10551-022-05202-1.
K. Jane Smith, R. L. Michael, and T. C. Emily. “Ensuring Privacy and Confidentiality: Anonymization Techniques for Research Data”. IEEE Transactions on Data Privacy, Volume 12, Issue 3, pages 123–138, 2022
L.J. Sarah, T.L. Mark, and R.C. Emily. “Data Minimization Strategies for Ethical Research: Balancing Objectives and Privacy”. IEEE Transactions on Privacy and Security, Volume 9, Issue 2, pages 87–102, 2023
R. Williams et al., “From transparency to accountability of intelligent systems: Moving beyond aspirations,” Data & Policy, vol. 4, 2022, doi: 10.1017/dap.2021.37.
K. Krys et al., “Introduction to a Culturally Sensitive Measure of Well-Being: Combining Life Satisfaction and Interdependent Happiness Across 49 Different Cultures,” Journal of Happiness Studies, vol. 24, no. 2, pp. 607–627, Dec. 2022, doi: 10.1007/s10902-022-00588-1.