Phishing as Cyber Fraud: The Implications and Governance

Nur Farhana Mohd Zaharon, Mazurina Mohd Ali


Internet technology brings a revolutionary change in modern living and socio-economic transactions. The nature of high-speed Internet allows Internet users to become ignorant of their data and information transparency. This behavior gives rise to phishing attacks by cybercriminals. Cybercriminals are highly trained people including in performing social engineering tactics to deceive internet users. Therefore, Internet users must know about phishing. This paper aims to explore phishing as cyber fraud, including the implications of phishing attacks and the governance to prevent phishing attacks. This study benefits individuals, companies, the government, and the public to increase phishing awareness and mitigate phishing attacks.



Keywords: phishing, cyber fraud, risk, risk management, Internet, technology.


Full Text:



ALBRECHT, W.S., & ALBRECHT, C. (2004). Fraud examination & prevention. Mason, Ohio: Thomson/South-Western.

ANTI-PHISHING WORKING GROUP. (2020). Phishing Activity Trends Report: 2nd Quarter 2018. Unifying the Global Response to Cybercrime. Retrieved from

ARACHCHILAGE, N.A.G., & LOVE, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, 304-312.


BERNAMA. (2020). Bantuan Prihatin: LHDN nafi minta maklumat perbankan menerusi SMS bernama. Sinar Harian. Retrieved from

CENTRAL BANK OF MALAYSIA. (2020). Risk Management in Technology (RMiT). Retrieved from

CHAUDHRY, J.A., CHAUDHRY, S.A., & RITTENHOUSE, R.G. (2016). Phishing attacks and defenses. International Journal of Security and Its Applications, 10(1), 247-256.

CHHABRA, G.S., & BAJWA, D.S. (2015). Review of E-mail System, Security Protocols and Email Forensics. International Journal of Computer Science & Communication Networks, 5(3), 201-211. Retrieved from

CLOUDFLARE. (2021). What is HTTPS? Retrieved from

FINAMORE, A., VARVELLO, M., & PAPAGIANNAKI, K. (2017). Mind the gap between HTTP and HTTPS in mobile networks. In KAAFAR, M., UHLIG, S., & AMANN, J. (eds.) Passive and Active Measurement. PAM 2017. Lecture Notes in Computer Science, Vol. 10176. Cham: Springer, pp. 217-228.

GUPTA, B.B., TEWARI, A., JAIN, A.K., & AGRAWAL, D.P. (2017). Fighting against phishing attacks: state of the art and future challenges. Neural Computing and Applications, 28, 3629–3654.

GUPTA, S., SINGHAL, A., & KAPOOR, A. (2016). A literature survey on social engineering attacks: phishing attack. The International Conference on Computing, Communication and Automation, Noida, India, 29-30 April 2016, pp. 537-540.

HANNA, K.T., FERGUSON, K., & BEAVER, K. (2021). Data breach. Search Security. Retrieved from

HSU, C., & WANG, T. (2015). Composition of the Top Management Team and Information Security Breaches. In CRUZ-CUNHA, M., & PORTELA, I. (eds.) Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance. Hershey, Pennsylvania: IGI Global, pp. 116-134. http://doi:10.4018/978-1-4666-6324-4.ch008

IKHSAN, M.G., & RAMLI, K. (2019). Measuring the information security awareness level of government employees through phishing assessment. The 34th International Technical Conference on Circuits/Systems, Computers and Communications, JeJu, Korea (South), 23-26 June 2019.

JAIN, A.K., & GUPTA, B.B. (2017). Phishing detection: Analysis of visual similarity-based approaches. Security and Communication Networks, 2017, 2017, 5421046.

KAMRUZZAMAN, M., ISLAM, M.A., ISLAM, M.S., HOSSAIN, M.S., & HAKIM, M.A. (2016). Plight of youth perception on cyber crime in South Asia. American Journal of Information Science and Computer Engineering, 2(4), 22-28. Retrieved from

KANKANHALLI, A., TEO, H.H., TAN, B.C.Y., & WEI, K.K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23(2), 139-154.

KATKURI, S. (2018). Indian Cyber Law. International Journal of Advanced Research and Development, 3(1), 640-644. Retrieved from

KAZEMI, M., KHAJOUEI, H., & NASRABADI, H. (2012). Evaluation of information security management system success factors: Case study of municipal organization. African Journal of Business Management, 6(14), 4982-4989.

KENNEDY, L.Z., CHIASSON, S., & OORSCHOT, P.V. (2016). Revisiting password rules: Facilitating human management of passwords. The APWG Symposium on Electronic Crime Research (eCrime), Toronto, Canada, 1-3 June 2016.

KIM, S.H., JANG, S.Y., & YANG, K.H. (2016). Analysis of the determinants of software-as-a-service adoption in small businesses: risks, benefits, and organizational and environmental factors. Journal of Small Business Management, 55(2), 303-325.

KROMBHOLZ, K., HOBEL, H., HUBER, M., & WEIPPL, E. (2015). Advanced Social Engineering Attacks. Journal of Information Security and Applications, 22, 113-122.

MALAYSIA COMPUTER EMERGENCY RESPONSE TEAM (MYCERT). (2021). Incident statistics. Retrieved from

MALAYSIAN ADMINISTRATIVE MODERNIZATION AND MANAGEMENT PLANNING. (2016). Rangka Kerja Keselamatan Siber Sektor Awam. Retrieved from

MALAYSIAN AIRLINES. (2020). Malaysia Airlines Cautions Customers of Fake Website. Retrieved from


MARTINO, A.S., & PERRAMON, X. (2011). Phishing Secrets: History, Effects, Countermeasures. International Journal of Network Security, 11(3), 163-171. Retrieved from

MASREK, M.N., HARUN, Q.N., & RAMLI, I. (2019). The Role of Top Management in Information Security Practices. The 6th International Conference on Education, Social Sciences and Humanities, Istanbul, Turkey, 24-26 June 2019. Retrieved from

MAURYA, S., & JAIN, A. (2020). Deep learning to combat phishing. Journal of Statistics and Management Systems, 23(6), 945-957.

MCCOMBIE, S., & PIEPRZYK, J. (2010). Winning the phishing war: A strategy for Australia. The 2nd Cybercrime and Trustworthy Computing Workshop, Ballarat, Australia, 19-20 July 2010.

MEIKENG, Y. (2020). Cybersecurity cases rise by 82.5%. The Star. Retrieved from

MOHAMMAD, R.M., THABTAH, F., & MCCLUSKEYA, L. (2015). Tutorial and critical analysis of phishing websites methods. Computer Science Review, 17, 1-24.

NORDIN, R. (2020). Cops record 20% increase in phone scams during MCO period. The Star. Retrieved from

PHISHLABS. (2018). Phishing Trends and Intelligence Report 2018. Retrieved from

RAHIM, R. (2020). IRB warns of fraudsters impersonating its officers in 'tax arrears' scam. The Star. Retrieved from

RAO, S.R., & PAIS, A.R. (2019). Jail-Phish: An improved search engine-based phishing detection system. Computers and Security, 83, 246-267.

ROMNEY, M.B., & STEINBART, P.J. (2018). Accounting Information Systems. 14th ed. London: Pearson Education.

SANCHEZ, F., & DUAN, Z. (2012). A sender-centric approach to detecting phishing e-mails. The International Conference on Cyber Security, Alexandria, Virginia, USA, 14-16 December 2012.

SECURITIES COMMISSION MALAYSIA. (2016). Guidelines on Management of Cyber Risk. Retrieved from

SONNENSCHEIN, R., LOSKE, A., & BUXMANN, P. (2017). The Role of Top Managers' IT Security Awareness in Organizational IT Security Management. The International Conference on Information Systems, Seoul, South Korea, 10-13 December 2017.

SPECIAL TO THE TIMES. (2020). CBI issues alert about possible ID theft scams over 4th of July weekend. The Fort Morgan Times. Retrieved from

SUGANYA, V. (2016). A review on phishing attacks and various anti phishing techniques. International Journal of Computer Applications, 139(1), 20-23.

VAN KESSEL, P. (2018). Is cybersecurity about more than protection? Retrieved from

VUČKOVIĆ, Z., VUKMIROVIĆ, D., MILENKOVIĆ, M.J., RISTIĆ, S., & PRLJIĆ, K. (2018). Analyzing of e-commerce user behavior to detect identity theft. Physica A: Statistical Mechanics and its Applications, 511, 331-335.

WARDMAN, B. (2016). Assessing the gap: Measure the impact of phishing on an organization. The 12th Annual ADFSL Conference on Digital Forensics, Security and Law, Daytona Beach, Florida. Retrieved from

WHITAKER, B. (2007). Never too young to have your identity stolen. The New York Times. Retrieved from

YEBOAH-BOATENG, E.O., & AMANOR, P.M. (2014). Phishing, SMiShing & Vishing: An assessment of threats against mobile devices. Journal of Emerging Trends in Computing and Information Sciences, 5(4), 297-307. Retrieved from

YEOH, A. (2020). LHDN warns of SMS scam targeting Bantuan Prihatin Nasional recipients. The Star. Retrieved from

ZAHARI, A.I., BILLU, R., & SAID, J. (2017). E-Commerce Fraud: An Investigation of Familiarity, Trust and Awareness Impact towards Online Fraud. Retrieved from


  • There are currently no refbacks.