The Evolution of Phishing: From Email to Social Media

By: Gonipalli Bharath, Vel Tech University, Chennai, India,& International Center for AI and Cyber Security Research and Innovations, Asia University, Taiwan, gonipallibharath@gmail.com

Abstract:

Since its origin, the cybercrime method known as phishing has undergone substantial change. Phishing starts with the misuse of email in obtaining private data; it grows to many types of digital channels like social networks. Focusing on innovations of 2022 to 2024, this paper further examines phishing strategy evolutions as well as the research methodologies in studying these changes. Through comprehension of this development, interested parties can enhance their defences against new dangers.

Introduction:

Phishing is a type of cyberattack in which malicious users mislead people into revealing private information, including financial details and passwords. While email phishing has been a popular strategy since the 1990s, the development of social networking platforms has opened up new risks [^[1]]. Social media phishing enables the attackers to get the fools of users by using the availability of such media and trusting these platforms. From above, the current focus of the research study has emphasized the detection-prevention issues related to such attacks and its evolution of techniques.

Figure[^[2]]

Literature Review:

Some of the key themes making up phishing research in the period between 2021 and 2024 revolve around diversity in attack channels and sophistication in the deceptive tactics. These social media attacks come through sites such as Facebook, Instagram, and LinkedIn by means of phony profiles displaying messages to psychologically manipulate human psychology [^[3]]. The number of phishing-as-a-service offerings has increased, according to Ganguli, “The Rise of Cybercrime-as-a-Service.” (2024), in which attackers sell pre-made phishing kits aimed at social network users [^[4]].

Bauskar et al.(2024), focused on AI-driven phishing techniques [^[5]], in which attackers create convincing messages and avoid detection systems by using machine learning. Such developments underline the need for strong, flexible defenses.

Methodology:

This study employed a variety of techniques for understanding the evolution of phishing. This is a brief description of what has been done:

Information Gathering:

Researchers have gathered information from a diverse range of sources, including internet libraries of phishing cases, academic articles, and cybersecurity reports. This study has specifically concentrated on situations occurring between 2022 and 2024, with the focus being on social networking platforms such as LinkedIn, Facebook, and Instagram. Various tools, web scraping techniques, and APIs facilitated the collection of this data, while human verifications guaranteed its accuracy.

Examining Phishing Trends:

• Case Studies: 

In order to understand that how phishing attempts operate and what techniques hackers apply, specific instances of these assaults were examined.

• Behavioural Study: 

The study examined how attackers use human weaknesses, like believing communications that seem familiar.

• Message Trends: 

Finding out whether any of such phishing communications shared any common or alike words, phrases, or styles used by different texts has necessitated the use of language processing tools such as NLTK and SpaCy.

• Identifying Patterns:

Data were examined for recurring behavior in phishing techniques and new ones, such as attackers’ use of artificially intelligent tools.

Results from several sections of the study were examined to ensure that they matched and made sense when combined. This method allowed the study to clearly show how phishing attacks are evolving and growing more sophisticated.

Evolution of phishing attacks figure[^[6]]

Conclusion:

Phishing’s move from email to social media highlights the ever-changing nature of cyber dangers. Given the vast potential of a broad user base coupled with interaction through trust, the social media networks have proven a good avenue toward the success of phishing attacks. Attackers have devised and constantly refined their techniques such that they employ everything from AI-driven methods to custom schemes. But in order to counter these attacks, defense technology needs to keep up with developments. To lessen the impact of phishing, users, social media companies, and cybersecurity experts collaborated.

References:

1. Bauskar, Sanjay Ramdas, Chandrakanth Rao Madhavaram, Eswar Prasad Galla, Janardhana Rao Sunkara, and Hemanth Kumar Gollangi. “AI-Driven Phishing Email Detection: Leveraging Big Data Analytics for Enhanced Cybersecurity.” Library Progress International 44, no. 3 (October 1, 2024): 7211–24.
2. “Frontiers | Phishing Attacks: A Recent Comprehensive Study and a New Anatomy.” Accessed January 2, 2025. https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2021.563060/full?ref=based.inc.
3. Ganguli, Prithwish. “The Rise of Cybercrime-as-a-Service: Implications and Countermeasures.” SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, September 15, 2024. https://doi.org/10.2139/ssrn.4959188.
4. Jain, Ankit Kumar, Somya Ranjan Sahoo, and Jyoti Kaubiyal. “Online Social Networks Security and Privacy: Comprehensive Review and Analysis.” Complex & Intelligent Systems 7, no. 5 (October 1, 2021): 2157–77. https://doi.org/10.1007/s40747-021-00409-7.
5. ResearchGate. “FIGURE 2. Phishing Attack Life Cycle.” Accessed January 2, 2025. https://www.researchgate.net/figure/Phishing-attack-life-cycle_fig2_358678073.
6. “What Is a Phishing Attack?” Accessed January 2, 2025. https://www.cloudflare.com/learning/access-management/phishing-attack/.
7. Gupta, B. B., Joshi, R. C., & Misra, M. (2009). Defending against distributed denial of service attacks: issues and challenges. Information Security Journal: A Global Perspective, 18(5), 224-247.
8. Dahiya, A., & Gupta, B. B. (2021). A reputation score policy and Bayesian game theory based incentivized mechanism for DDoS attacks mitigation and cyber defense. Future Generation Computer Systems, 117, 193-204.
9. Kee S.N. (2024) IoT and Blockchain Convergence: Addressing Phishing Threats in Industrial IoT, Insights2Techinfo, pp.1

Cite As

Bharath G. (2025) The Evolution of Phishing: From Email to Social Media, Insights2Techinfo, pp.1

814700cookie-checkThe Evolution of Phishing: From Email to Social Mediayes