Abstract
Phishing remains one of the most prominent threats to individuals and organizations in the public and private sectors today. It is a gateway attack that can lead to more severe attacks, including identity theft, ransomware attacks, and denial-of-service attacks. Unfortunately, people's poor choices, ignorance, and lack of attention to detail combine to make phishing prevalent and effective. This paper gives an overview of the phishing problem and introduces the motives behind phishing and common attack vectors used in phishing attacks. We then review several existing phishing detection and mitigation solutions in three categories: education, machine learning, and blacklists/whitelists. Finally, we discuss the challenges found in the solutions we surveyed.