The evolution of phishing and future directions: A review

Abstract

Phishing has emerged as one of the most persistent and evolving threats in cybersecurity. Its development from simple email scams to highly sophisticated and targeted attacks has been driven by technological advancements, the rise of social media, and the increasing availability of personal data online. This paper provides a comprehensive review of the evolution of phishing, examining key milestones in its history, current trends, and future directions. Emphasis is placed on the integration of emerging technologies such as artificial intelligence (AI) and machine learning (ML), the role of phishing-as-a-service (PhaaS) platforms, and the challenges posed by deepfake phishing and the Internet of Things (IoT). The paper concludes by discussing potential strategies for combating these evolving threats and proposes future research directions to enhance phishing detection and prevention mechanisms. Additionally, the study examines the growing intersection between phishing attacks and state-sponsored cyber operations, highlighting the increasing sophistication of threat actors and their exploitation of geopolitical events for targeted campaigns. The research also addresses the critical need for adaptive defense mechanisms that can respond to the rapid evolution of attack vectors while maintaining usability for legitimate users.