| [40] | 2013 | Computer & Human | Trojan e-mail and phishing messages, advance-fee fraud, impersonation, persuasion, bribery, shoulder surfing, and dumpster diving. | Persuasion (not attack), bribery (not attack). Suggested but didn’t classify into proposed classification scheme | 8 | 37.50 |
| [42] | 2015 | Operator, Type, Channel | Phishing, Shoulder surfing, Dumpster diving, RSE, Waterholing, APT, Baiting, ASE, FakeProfìle, Sybil, Spearphishing, | Advanced persistent threat, Sybil attacks. But didn’t classify attack into suggested categories. | 10 | 20.00 |
| [31] | 2016 | Human & Technical | Phishing, Pretexting, Baiting, Quid pro quo, Tailgating, dumpster diving, | Suggested but didn’t classify into proposed classification scheme | 6 | 0.00 |
| [21] | 2017 | SE & Malware | Website phishing, Email phishing, Spear phishing, Key loggers (Hardware & Software), screen loggers, Session hijacking, DNS phishing, Host file poisoning, System reconfiguration attacks, Pharming, Proxy attack, Content injection, Phishing through search engines, Spandexing | Key loggers (Hardware & Software), screen loggers, Session hijacking, DNS poisoning, Host file poisoning, System reconfiguration attacks, Proxy attack, Content injection, Spandexing | 16 | 75.00 |
| [35] | 2018 | Medium | drive-by-download, MITM, XSS, tabnapping, spear phishing, whaling, SEO Phishing, session fixation, malvertising, social engineering, JavaScript obfuscation, browser vulnerabilities, mobile phone, cloud computing and WiPhishing or Evil Twins, SQL injection, typo-squatting, and sound-squatting, ClickJacking, CAPTCHA attack, Trojan, Bot Attack (BotNet), APT, Tabnapping, | MITM, XSS, session fixation, malvertising, social engineering, browser vulnerabilities (generic term), mobile phone (generic term), cloud computing (generic term), SQL injection, CAPTCHA attack, Trojan, Bot Attack (BotNet), APT, Tabnapping, | 24 | 45.83 |
| [61] | 2018 | Computer & Human | temptation to have something rare, Show the similarities with the target, Pay back the favour, style of flattery, Move with the flow, Pretexting, Reverse Social Engineering, Phishing, Spear phishing, Watering hole attack | Pay back the favour, show the similarities, style of flattery, temptation to have something rare. These are too general terms and do not reflect a specific attack | 10 | 50.00 |
| [36] | 2019 | Device | phishing, CSRF, malware, email, and popups. Session hijacking attacks, connection-oriented protocol attacks, SQLi, SEO poisoning, Vishing, botnets, rootkits, buffer overflow, worms, viruses, Trojan horses, bot attacks, and spywares. | CSRF, malware, email (generic term), session hijacking attacks, connection-oriented protocol attacks (generic term), SQLi, botnets, rootkits, buffer overflow, worms, viruses, Trojan horses, bot attacks, and spywares. | 18 | 83.33 |
| [62] | 2019 | Behavior | - | Not discussed any attack, but suggested classification based on behavioural factors. | 0 | 0.00 |
| [45] | 2019 | Communication Type | Vishing, Phishing, Physical (F2F), Smishing, | Face-to-Face (Too generic term). Suggested but didn’t classify. | 4 | 0.00 |
| [19] | 2019 | None | phishing, impersonation on help desk calls, shoulder surfing, dumpster diving, stealing important documents, diversion theft, fake software, baiting, quid pro qou, pretexting, tailgating, Pop-Up windows, Robocalls, ransomware, online social engineering, RSE, fake software, SMSishing, physical access, phishing, spear-phishing, whaling, vishing, BEC, interactive voice response phishing, Pharming attacks | Ransomware, Online Social Engineering (general term),Phone Social Engineering Stealing (generic term), Important Documents (General action), Whitelisting flow.Didn’t classify the attack or proposed classification scheme. | 26 | 11.54 |
| [30] | 2020 | Human & Computer | Impersonation, Pretexting, Tailgating, Quid Pro Quo, Diversion Theft, Phishing, Spear-Phishing, Whaling, Clone-Phishing, Pharming, Website Phishing, Pop-Up Windows, XSS, Spyware, Malware, Worms, Rootkits, Botnets, Ransomware, Baiting, Trojans, KeyLoggers, Screen Loggers, Malicious Links, Fake Groups, Digital Impersonation, Fake Profiles, DNS Poisoning, SSL Attack, MIMT, Compromised Web Server Attack, Host File Poisoning, Session Hijacking, SEO Phishing, SMSishing, Mobile Apps, Vishing, Similarity Attacks, Forwarding Attacks, Background Attacks, Notification Attack, Floating Attacks, (VoIP) Phishing | Ransomware, Botnets, Cross-Site Scripting (XSS), Rootkits, Malware, Spyware, Worms, Trojans, Key Loggers, Screen Loggers, Session Hijacking, Host File Poisoning, Compromised Web Server Attack, Man-in-the-Middle Attack, Secure Socket Layer (SSL) Attack, DNS Poisoning, Background Attacks, Floating Attacks, | 40 | 55.00 |
| [37] | 2020 | Medium | Phishing (Email), Vishing, Smishing, Whaling, Spear Phishing, BEC, QRishing, Wiphishing, Social media phishing, Typo Squatting, Sound Squatting,Social Engineering, XSS (stored XSS and reflected XSS), SQLi, APT, browser sniffing, DNS cache poisoning, CAPTCHA Attack, Drive-by Download, Malvertizing, Session hijacking, Botnets, Browser Vulnerabilities, Tab-Napping, Skill squatting, 404 Error Manipulation, Click Jacking, Malicious Browsing Extensions Browser, MIMT, Application phishing, GUI-Squatting, Session Fixation, JavaScript Obfuscation, | Email (generic term), IM (Too generic term), Cross-Site Scripting (XSS), CAPTCHA Attack, Social Engineering (generic term), Browser Vulnerabilities, Tab-Napping, 404 Error Manipulation, Malicious Browsing Extensions, MIMT, Mobile Phones (Generic Term), GUI-Squatting, Session Fixation, JavaScript Obfuscation, Wiphishing, | 35 | 60.00 |
| [63] | 2020 | Operator, Type, Channel | online hoaxes or advance-fee fraud, credit card, high-tech disaster and identity theft fraud, web and e-mail spoofing, instant messaging fraud, and spamming, phishing | credit card, high-tech disaster (generic term). Not discussed any attack, but suggested classification type based on Operator, Type, and Channel. | 8 | 25.00 |
| [41] | 2021 | Computer & Human | BEC, Vishing, Smishing, Pharming, | Discussed the classification scheme, but didn’t classify | 4 | 0.00 |
| [64] | 2021 | Social, Technical, Socio-Technical, and Physical | Trojan (20 variants), SQLi, Espionage, DDoS, DoS, Brute-Force, Impersonation, Typo-squatting, Bots (7 Variants), Spoofing, Cyber-sabotage, e-skimming, Bit-Squatting, BEC, Mal-URLs, CryptoMinors, Malware (6, Other-13 variants, Ransomware-31 variants), Worms. | No attack discussed. Only the classification scheme was discussed, but it was not classified. | 91 | 95.60 |
| [32] | 2021 | Generic & Targeted | Phishing, Spare-Phishing | Discussed the classification scheme, but didn’t classify | 2 | 0.00 |
| [65] | 2021 | Operator, Methods, Nature | Impersonation, Shoulder surfing, Dumpster diving, Phishing, Spear-phishing, Whaling, Vishing, Angler, Baiting, Pretexting, Tailgating, Ransomware, Pop-up windows, Scareware, Smishing, Quid pro quo, | Ransomware, Phone Scam (generic term).Suggested classification based on Operator, Method and Nature. But, didn’t classify the attack. | 17 | 11.76 |
| [8] | 2021 | Technical & Deception | Phishing, Spare-phishing, Whaling, Vishing and Smishing, Spoofed Website, Soshing, Malware, Key Loggers, Screen Loggers, Viruses, Worms, Spyware, Adware, Ransomware, RootKit, Session Hijacking, Web Trojans, Hosts File Poisoning, System Reconfiguration Attack, MIMT, Content Injection Phishing, Pharming, DNS Piosoning, Data Theft, SEO Phishing, URL Obfuscation Attack, ARP Poisoning, DNS spoofing, | Ransomware, Malware, Key Loggers, Screen Loggers, Viruses, Worms, Data Theft (output not attack), RootKit, Session Hijacking, Web Trojans, Hosts File Poisoning, System Reconfiguration Attack, MIMT, Content Injection Phishing, ARP Poisoning, DNS spoofing | 29 | 68.97 |
| [66] | 2021 | Computer & Human | Persuasion, Impersonation, Tailgating, Piggybacking, Shoulder Surfing, Dumpster Diving, Phishing, Vishing, Watering Hole, Bot Attacks, Brand Theft, Typosquatting, Baiting, | Bot Attacks, Brand Theft (Generic term) | 13 | 15.38 |
| [44] | 2021 | Computer & Human | Impersonation, Shoulder Surfing, Pigggybacking, Trailing, Pretexting, Phishing, Web-Phishing, Smishing, Whaling, WiFi-Phishing, Trojan, Baiting, Water Hole, ATP. Ransomware, XSS, CSRF, Pop-up Window, F2F, MIMT, Dumpster Diving, Vishing, RSE, Spear-phishing, Honey trap, | Manipulating Conversation (generic term), Trojan attack, and Honey Trap. | 25 | 40.00 |
| [23] | 2021 | None | Impersonation, Shoulder Surfing, Trailing, Pretexting, Phishing, Smishing, Whaling, Trojan, Water Hole, Vishing, RSE, Spare-phishing, Honey trap, | Honey Trap, Manipulating conversation (too generic term, not an attack)No classification scheme, and didn’t classify | 13 | 7.69 |
| [43] | 2021 | Interaction | Impersonation, Shoulder surfing, Dumpster diving, Eavesdropping, Vishing, Tailgating, Quid pro quo, Phishing, Baiting, Pretexting, Water holing, Pop-up window | Found misclassification such as Vishing, Shoulder surfing and dumpster diving categorised in direct interaction, and phishing & pretexting in the indirect interaction category. | 12 | 0.00 |
| [39] | 2022 | Social, Technical, Mobile, Others | Website spoofing, Email spoofing, spear-phishing, Ransomware, Trojan, Content Injection, Keylogger, Screen Logger, MIMT, Smishing, Vishing, WiFi-Phishing, MalApp, Compromised Web-Server, Botnet, DNS Poisoning, Soshing | Website spoofing, Email Spoofing, Trojan horse, Content injection, Key logger, screen logger, man-in-the-middle attack, DNS poisoning, ransomware, compromised web server, | 17 | 41.18 |
| [11] | 2022 | Medium | drive-by-download, MITM, XSS, tabnapping, spear phishing, whaling, SEO Phishing, session fixation, malvertising, social engineering, JavaScript obfuscation, browser vulnerabilities, mobile phone, cloud computing and WiPhishing or Evil Twins, SQL injection, typo-squatting, and sound-squatting, ClickJacking, Pharming, Trojan, Tabnapping, | Browser Vulnerability, Clickjacking, XSS, Javascript Obfuscation, MIMT (Man-in-the-Middle), DNS Poisoning, Session Fixation, SQLi, Tabnapping, Cloud Computing, Mobile-Based (too general terms) | 23 | 34.78 |
| [52] | 2022 | Masquerading, Physical, Digital | pretexting, impersonation, physical reverse engineering (physical RE), and tailgating, passive surveillance, dumpster diving, open source reconnaissance, Vishing, Email Scam, Phishing, Smishing, Spear-phishing, Whaling, Soshing, Catphishing, Baiting, Shoulder Surfing, Web-RSE, Social-RSE, angler phishing, | Email scams (generic term), Web-RSE, and Social-RSE do not justify. Open source reconnaissance is an activity. | 19 | 15.79 |
| [28] | 2022 | Human & Technical | phishing | Discussed the classification scheme, but didn’t classify | 1 | 0.00 |
| [5] | 2023 | Behaviour, Emotion, Social, Cognitive | Phishing, Pretexting, Impersonation, Quid pro quo, Tailgating exploits | Multiclass categorisation issue | 5 | 0.00 |
| [4] | 2023 | Behavior | Dumpster Diving, fake profiles, Phishing, Vishing, Smishing, Fake Websites, Hosting Fake Online Advertisements, Malvertising, USB Dropping, Juice Jacking, Email Bombing, QRshing, SEO-phishing, Befriending, Sextortion:, | Web Application Hosting, Email Bombing, Juice Jacking, | 14 | 14.29 |
| [38] | 2024 | Human & Software | Impersonation, Pretexting, Quid pro quo, Dumpster diving, Shoulder surfing, Phishing, Spamming, Spear phishing, Whaling, Pharming, Website phishing, Pop-up windows, XSS, Malware, Virus, Worms, Spyware, Trojans, Botnets, Adware, Rootkits, Ransomware, Wiper, Mobile malware, Fileless malwar, Keyloggers, Screen Logger, Fake groups, Fake profiles, Malicious links, Digital impersonation, Baiting, Tailgating, watering hole, Sybil, Vicinity, Plug-in, Session hijacking, Host file poisoning, Graph-based, MIMT, SEO-phishing, Compromised web server, SSL attack, RSE, DNS poisoning, Smishing, Malicious apps, Vishing, Phishing, | Malware, Virus, Worms, Spyware, Trojans, Botnets, Rootkits, Ransomware, Wiper, Fileless malware, Key loggers,Social network (generic term), Cross-site scripting (XSS), Pop-up, Host file poisoning, Compromised web server, Man-in-the-Middle (MitM), SSL attack, DNS poisoning, Malicious apps (generic term), Plugin attacks, Session hijacking, Graph-based attack, Spamming, Sybil attack | 49 | 48.98 |
| [33] | 2024 | No Classification | Email Phishing, Phishing, Spear Phishing, Whaling, Smishing, VIsshing, Angler, Romance Scam, Online Dating Scam, Cat Phishing, Military Romance, Investment Scam, Social Media Scam, Baiting, USB Drop, Fake Job Posting, Fake Software Downloading, Free WiFi, Online Surveys, RSE Pretexting, Tailgating, Impersonation, Thread Hijacking, Flamewares, Trolling, Spamming, Astronfing, RSE, Scareware Fake Anti Virus, Ransomware, Tech Support | Hijacking (generic term), Flamewares, Scareware, Ransomware, Astronfing, Online Survey (generic term), Social Media Scam (generic term).Didn’t classify attacks, and there was a lack of description and evidence in many attacks | 30 | 46.67 |
| [48] | 2024 | Environment | Phishing, Spear phishing, Smishing, Vishing, Whaling, Baiting, quid pro quo, watering hole, Dumpster diving, Pretexting, shoulder surfing, piggybacking, Scareware, RSE, keyloggers, spyware, | key loggers, spyware, | 16 | 12.5 |
