Analiza bibliometryczna phishingu

Patryk Król

doi:10.26354/bb.3.4.101.2025

Published : 2026-02-18

Vol. 101 No. 4 (2025)

Bibliometric analysis of phishing

Patryk Król

https://orcid.org/0000-0003-4079-8849

DOI: https://doi.org/10.26354/bb.3.4.101.2025

Abstract

Purpose: This article presents a comprehensive bibliometric analysis of scientific literature on phishing with particular emphasis on the banking and financial sector, aiming to identify key research trends, influential authors, and prospective development directions in the period 2003-2024.

Methodology: The study employs the bibliometrix tool and Web of Science database data comprising 4,245 documents from 2,355 sources. The analysis is characterized by an annual publication growth rate of 16.35% with an average of 13.73 citations per document. The corpus contains publications by 11,755 authors with 91,018 references, reflecting the multidisciplinary nature of the research field.

Results: IEEE Access dominates with 135 publications, while Computers & Security ranks second with 104 publications. Carnegie Mellon University leads among institutions with 75 publications. The analysis reveals evolution from traditional defense methods (2006-2015) toward artificial intelligence and blockchain technologies (2020-2024). The most frequently cited publications are works by Jagatic et al. (2007) - 540 citations and Anderson (2006) - 385 citations. Identification of two main thematic clusters indicates a dichotomy between security research and detection methods based on modeling.

Conclusions: Phishing research in the financial sector is characterized by intensive development with a paradigm shift toward personalized detection systems utilizing machine learning. Future directions include interdisciplinary research combining technical with behavioral aspects and application of blockchain technology in identity verification systems.

Keywords:

phishing, cybersecurity, banking sector, bibliometric analysis, machine learning, blockchain, financial security

JEL Codes

G21, G28, O33, C80

Most read articles by the same author(s)

Patryk Król, Phishing as the main threat to digital banking security , Safe Bank: Vol. 94 No. 1 (2024)
Patryk Król, Skimming as a threat to mobile banking security , Safe Bank: Vol. 96 No. 3 (2024)
Patryk Król, Ransomware as a threat to the security of critical infrastructure, with a focus on the financial system , Safe Bank: Vol. 98 No. 1 (2025)

Details

References

Statistics

Authors

Download files

pdf (Język Polski)
ENG_pdf

Citation rules

Król, P. (2026). Bibliometric analysis of phishing. Safe Bank, 101(4), 48–63. https://doi.org/10.26354/bb.3.4.101.2025

Altmetric indicators

Cited by / Share

Licence

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

References

Abdajabar A., Idbeaa, T. (2024). Cybercrime’s Threat to Financial Institutions During COVID-19. AlQalam Journal of Medical and Applied Sciences, 46–52.

Anderson R., Moore T. (2006). The economics of information security. Science, 314(5799), 610–613.

Aria M., Cuccurullo C. (2017). Bibliometrix: An R-tool for comprehensive science mapping ana- lysis. „Journal of Informetrics”, 11(4), 959–975.

Bakarich K.M., Baranek D. (2020). Something phish-y is going on here: A teaching case on busi- ness email compromise. „Current Issues in Auditing”, 14(1), A1–A9. https://doi.org/10.2308/ ciia-52706

Basu K. (2018). Markets and manipulation: Time for a paradigm shift? „Journal of Economic Literature”, 56(1), 185–205. https://doi.org/10.1257/jel.20161410

Bayl-Smith P., Sturman D., Wiggins M. (2020). Cue utilization, phishing feature and phishing email detection, [w:] Financial Cryptography and Data Security, FC 2020 (s. 56–70). Springer. https://doi.org/10.1007/978-3-030-54455-3_5

Bhatt P., Obaidat M.S., Dangwal G., Das A.K., Wazid M., Sadoun B. (2024). Machine learning-ba- sed security mechanism for detecting phishing attacks, [w:] 2024 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI) (s. 1–6). IEEE. https://doi. org/10.1109/CCCI61916.2024.10736460

Das S., Abbott J., Gopavaram S., Blythe J., Camp L. J. (2020). User-centered risk communication for safer browsing, [w:] International conference on financial cryptography and data security (s. 18–35). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-030- 54455-3_2

Do N.Q., Selamat A., Krejcar O., Herrera-Viedma E., Fujita H. (2022). Deep learning for phishing detection: Taxonomy, current challenges and future directions. Ieee Access, 10, 36429–36463. https://doi.org/10.1109/ACCESS.2022.3151903

Donthu N., Kumar S., Mukherjee D., Pandey N., Lim W.M. (2021). How to conduct a bibliome- tric analysis: An overview and guidelines. „Journal of business research”, 133, 285–296.

Egelman S., Cranor L.F., Hong J. (2008). You’ve been warned: An empirical study of the effecti- veness of web browser phishing warnings. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 1065–1074.

Grier C., Ballard L., Caballero J., Chachra N., Dietrich C.J., Levchenko K., …, Voelker G.M. (2010). Manufacturing compromise: The emergence of exploit-as-a-service. Proceedings of the 17th ACM Conference on Computer and Communications Security, 821–832. https://doi. org/10.1145/1866307.1866311

Herley C., Florêncio D. (2010). Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy, [w:] Economics of Information Security and Privacy (s. 33–53). Springer. https://doi.org/10.1007/978-1-4419-6967-5_3

Hong J. (2012). The state of phishing attacks. Communications of the ACM, 55(1), 74–81. https://doi.org/10.1145/2063176.2063197

Hornuf L., Kück T., Schwienbacher A. (2022). Initial coin offerings, information disclosure, and fraud. „Small Business Economics”, 58(4), 1741–1759. https://doi.org/10.1007/s11187- 021-00471-y

Jagatic T.N., Johnson N.A., Jakobsson M., Menczer F. (2007). Social phishing. „Communications of the ACM”, 50(10), 94–100. https://doi.org/10.1145/1290958.1290968

Khonji M., Iraqi Y., Jones A. (2013). Phishing detection: A literature survey. IEEE Communications Surveys i Tutorials, 15(4), 2091–2121. https://doi.org/10.1109/SURV.2013.032213.00009

Król P. (2024). Phishing jako zagrożenie dla bezpieczeństwa bankowości cyfrowej. „Bezpieczny Bank”, 94(1), 25–42. https://doi.org/10.26354/bb.2.1.94.2024

Krombholz K., Hobel H., Huber M., Weippl E. (2015). Advanced social engineering attacks.

„Journal of Information Security and Applications”, 22, 113–122. https://doi.org/10.1016/j. jisa.2014.09.005

Mutlutürk M., Metin B. (2023). Mapping The Phishing Attacks Research Landscape: A Biblio- metric Analysis And Taxonomy. „J. Theor. Appl. Inf. Technol”, 101, 6758–6780.

Mutlutürk M., Wynn M., Metin B. (2024). Phishing and the Human Factor: Insights from a Bi- bliometric Analysis. „Information”, 15(10), 643. https://doi.org/10.3390/info15100643

Mwavali A. (2024). Combating phishing in Kenya: A supervised learning model for enhanced email security in Kenyan financial institutions. „International Journal of Technology and Sys- tems”, 9(4), 23–36.

Nwafor K.C., Ikudabo A.O., Onyeje C.C., Ihenacho D.O.T. (2024). Mitigating cybersecurity risks in financial institutions: The role of AI and data analytics. „International Journal of Science and Research Archive”, 13(01), 2895–2910.

O’Leary D.E. (2019). What phishing e-mails reveal: An exploratory analysis of phishing at- tempts using text analysis. „Journal of Information Systems”, 33(3), 285–307. https://doi. org/10.2308/isys-52481

Olifer D., Goranin N., Kaceniauskas A., Cenys A. (2017). Controls-based approach for evaluation of information security standards implementation costs. „Technological and Economic Deve- lopment of Economy”, 23(1), 196–219. https://doi.org/10.3846/20294913.2017.1280558

Olowu O., Adeleye A.O., Omokanye A.O., Ajayi A.M., Adepoju A.O., Omole O.M., Chianumba E.C. (2024). AI-driven fraud detection in banking: A systematic review of data science approaches to enhancing cybersecurity. „Advanced Research and Review”, 21(2), 227–237.

Perwej Y., Abbas S.Q., Dixit J.P., Akhtar N., Jaiswal A.K. (2021). A systematic literature review on the cyber security. „International Journal of scientific research and management{, 9(12), 669–710.

Sahingoz O.K., Buber E., Demir O., Diri B. (2019). Machine learning based phishing detection from URLs. „Expert Systems with Applications{, 117, 345–357. https://doi.org/10.1016/ j.eswa.2018.09.029

Sheng S., Holbrook M., Kumaraguru P., Cranor L.F., Downs J. (2010). Who falls for phish? A de- mographic analysis of phishing susceptibility and effectiveness of interventions. „Proceedings of the SIGCHI Conference on Human Factors in Computing Systems”, 373–382.

Shkarlet S., Dubyna M., Zhuk O. (2018). Determinants of the financial services market functio- ning in the era of the informational economy development. „Baltic Journal of Economic Stu- dies”, 4(3), 349–357. https://doi.org/10.30525/2256-0742/2018-4-3-349-357

Taylor-Jackson J., McAlaney J., Ashenden D., Dale J. (2020). Incorporating psychology into cy- ber security education: A pedagogical approach, [w:] Financial Cryptography and Data Securi- ty, FC 2020 (s. 207–217). Springer. https://doi.org/10.1007/978-3-030-54455-3_15

Villanueva J., Sebastian J., Dextre J. (2024, July). Web Portal Validation Model by Digital Signa- ture and ISO 27002 to Reduce Private Credentials Theft for Phishing Attacks to Financial Sector Customers, [w:] 2024 International Conference on Electrical, Computer and Energy Technolo- gies (ICECET) (s. 1–5). IEEE.

Xiang G., Hong J., Rose C.P., Cranor L. (2011). CANTINA+: A feature-rich machine learning fra- mework for detecting phishing web sites. „ACM Transactions on Information and System Secu- rity”, 14(2), 1–28. https://doi.org/10.1145/2019599.2019606

Yuspin W., Putri A.O., Fauzie A., Pitaksantayothin J. (2024). Digital Banking Security: Internet Phishing Attacks, Analysis and Prevention of Fraudulent Activities. „International Journal of Safety & Security Engineering”, 14(6).

Zhuo S., Biddle R., Koh Y.S., Lottridge D., Russello G. (2023). SoK: Human-centered phishing susceptibility. „ACM Transactions on Privacy and Security”, 26(3), 1–27.