A Review of Human- and Computer-Facing URL Phishing Features

Kholoud Althobaiti, Ghaidaa Rummani, Kami Vaniea

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

When detecting phishing websites, both humans and computers rely on aspects of the website (features) to aid in their decision making. In this work, we conduct a review of URL-based phishing features that appear in publications targeting humanfacing and automated anti-phishing approaches. We focus on both humans and computers to obtain a more comprehensive feature list and create a cross-community foundation for future research. We reviewed 94 papers and categorise their features into: lexical, host, rank, redirection, certificate, search engine, and black/white lists. We find that research on automation has used all feature
categories but several, such as host-based features (e.g. DNS), are minimally explored in human-facing anti-phishing research.
Original languageEnglish
Title of host publication2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Place of PublicationStockholm, Sweden
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages10
ISBN (Electronic)978-1-7281-3026-2
ISBN (Print)978-1-7281-3027-9
Publication statusPublished - 19 Aug 2019
Event4th European Workshop on Usable Security - Stockholm, Sweden
Duration: 20 Jun 201920 Jun 2019


Workshop4th European Workshop on Usable Security
Abbreviated titleEuroUSEC 2019
Internet address

Keywords / Materials (for Non-textual outputs)

  • phishing
  • phishing features
  • phishing education
  • usable security


Dive into the research topics of 'A Review of Human- and Computer-Facing URL Phishing Features'. Together they form a unique fingerprint.

Cite this