Abstract: Phishing, as a form of social engineering attack, aims to deceive victims by masquerading as a trustworthy entity such as a bank, social media platform, or government agency, using false emails, websites, or messages. Researchers primarily employ various technological means to detect phishing attacks, yet current detection studies face three main challenges. Firstly, attackers employ disguise, exploit vulnerabilities, and employ evasion techniques to evade detection. Secondly, existing detection methods suffer from poor interpretability, low real-time capabilities, and issues like concept drift. Lastly, due to insufficient interpretability, users may lack trust in the detection results. This paper summarizes the current detection researches from the aspects of application scenarios, datasets, detection methods, etc., and puts forward the current problems and prospects the possible research hotspots in the future.