Phishing attacks continue to evolve, posing dual challenges of adversarial evasion and poor generalization for existing detection methods. This paper presents a systematic review of phishing webpage detection research from 2015 to 2023 and proposes the first three-dimensional classification framework integrating URL-level features, HTML/JavaScript content analysis, and visual similarity matching. Through cross-dimensional comparative analysis, we identify critical gaps across these modalities—namely, low real-time performance against dynamic redirections, high false-positive rates due to obfuscated scripts, and weak generalization of visual templates across brand variants. We further outline promising future directions: lightweight multimodal fusion, adversarially robust training, and updatable visual fingerprints. Our work provides both theoretical foundations and concrete technical pathways toward next-generation adaptive phishing defense systems.

In the realm of cybersecurity, phishing stands as a prevalent cyber attack, where attackers employ various tactics to deceive users into gathering their sensitive information, potentially leading to identity theft or financial gain. Researchers have been actively working on advancing phishing webpage detection approaches to detect new phishing URLs, bolstering user protection. Nonetheless, the ever-evolving strategies employed by attackers, aimed at circumventing existing detection approaches and tools, present an ongoing challenge to the research community. This survey presents a systematic categorization of diverse phishing webpage detection approaches, encompassing URL-based, webpage content-based, and visual techniques. Through a comprehensive review of these approaches and an in-depth analysis of existing literature, our study underscores current research gaps in phishing webpage detection. Furthermore, we suggest potential solutions to address some of these gaps, contributing valuable insights to the ongoing efforts to combat phishing attacks.