Spithoven, R., & Drenth, A. (2024). Who will take the bait? Using an embedded, experimental
study to chart organization-specific phishing risk profiles and the effect of a voluntary
microlearning among employees of a Dutch municipality. Journal of Cybersecurity, 10(1).
https://doi.org/10.1093/cybsec/tyae010
Any form of phishing is just an entry point to other crimes, including hacking and ransomware. The paper categorically states that phishing works not because security systems fail but because of human vulnerability. The study focuses on the Netherlands, where both individuals and organizations are heavily victimized by phishing: in 2021, 68% of the adult population reported having received phishing emails, and 2% were victims. It explains how phishing can result in data leakage or even bring organizational operations to a complete standstill. The study targeted organizations that hold sensitive data and established how, through phishing, such data was compromised and operations were consequently disrupted. It identifies high-risk employee groups and evaluates how effective e-learning is in enhancing employee resilience; specifically, it explains how web-based microlearning courses increase employees' resilience to phishing attacks.
It also considers human-related factors that contribute to phishing susceptibility, such as demographic factors, personality traits, and digital literacy. It strongly advocates a multi-layered security model combining technical measures, policies, and training for effective anti-phishing defense. An experimental methodology is proposed for establishing individually tailored phishing risk profiles and training. Above all, it insists that awareness and adaptive security measures are a must for attaining cybersecurity resilience, mainly within the public administration context.
Tham, D. (2023, June 23). Phishing attempts on Singapore targets rose 175% to 8,500, with
banking sector most spoofed in 2022. CNA.
https://www.channelnewsasia.com/singapore/cybersecurity-csa-phishing-ransomware-ai3578216
According to the article, there has been a sharp rise in phishing attempts against Singapore, with cases surging 175 percent to 8,500 in 2022. Of all the sectors spoofed, the banking sector ranked first, indicating a growing trend of cybercriminals turning toward financial institutions. The article shows just how bad things really are and points to the need for better security measures to protect sensitive information and financial assets. This rise in phishing attempts means cybercriminals have shifted into the next gear. As such, it calls for more vigilance and proactive measures from all users, organizations, and citizens of Singapore, along with increased cybersecurity awareness and readiness, as these attacks are constantly evolving.
Ejaz, A., Mian, A. N., & Manzoor, S. (2023). Life-long phishing attack detection using continual learning. Scientific Reports, 13(1). https://doi.org/10.1038/s41598-023-37552-9
Phishing is a major security concern: cybercriminals trick the user into performing actions that would otherwise not have been performed and into revealing sensitive information. The reported number of phishing attacks keeps increasing and hit an all-time high of 316,747 in December 2021. Traditional phishing detection systems are incapable of detecting the attacks, since attackers use state-of-the-art techniques and technologies to bypass them. Rule-based systems, where malicious domains and URLs are blacklisted, have raised several issues with respect to the detection of first-time attacks and, more importantly, with false positives. Machine-learning-based approaches do well by drawing on past experience and extracting features to detect attacks, but usually fail to recognize more sophisticated phishing samples in the future because the feature distribution changes.
This paper presents a continual learning (CL) based phishing detection framework that can overcome the performance drop of traditional ML models over time. The CL algorithms LWF (Learning without Forgetting) and EWC (Elastic Weight Consolidation) are used to adapt the model to new data without degrading its performance on earlier data. Experimental results show that CL-based algorithms do help alleviate the performance drop problem and thus might turn into a practical solution for long-term phishing detection. Potential future research directions include additional techniques to alleviate catastrophic forgetting, other embedding models for feature extraction, and other CL techniques for phishing detection.
Carroll, F., Adejobi, J. A., & Montasari, R. (2022). How Good Are We at Detecting a Phishing
Attack? Investigating the Evolving Phishing Attack Email and Why It Continues to
Successfully Deceive Society. SN Computer Science, 3(2).
https://doi.org/10.1007/s42979-022-01069-1
The article notes that email, in all its forms, became a key channel of communication during the COVID-19 lockdown, with a resulting surge in phishing attacks. It therefore identifies phishing as one of the main cyber threats, in which attackers obtain sensitive information without authorization through fraudulent emails. It says the nature of phishing attacks has changed: attackers have become more sophisticated in their methods, luring victims with COVID-19 themes. Even though anti-phishing systems are available on the market, attacks still prevail, since most phishing attacks bypass these systems or the systems involve high false rates. The paper also considers human factors such as personality traits, gender, age, and workload, all of which make a person more susceptible to phishing. It concludes that user education and training relevant to fighting phishing attacks are needed, as is technological advancement, to improve the resilience of users against such attacks.