Daniel Timko,Muhammad Lutfor Rahman

DOI: https://doi.org/10.1145/3558482.3590173

2024-04-29

Abstract:Smishing, also known as SMS phishing, is a type of fraudulent communication in which an attacker disguises SMS communications to deceive a target into providing their sensitive data. Smishing attacks use a variety of tactics; however, they have a similar goal of stealing money or personally identifying information (PII) from a victim. In response to these attacks, a wide variety of anti-smishing tools have been developed to block or filter these communications. Despite this, the number of phishing attacks continue to rise. In this paper, we developed a test bed for measuring the effectiveness of popular anti-smishing tools against fresh smishing attacks. To collect fresh smishing data, we introduce

Cryptography and Security

Daniel Timko,Daniel Hernandez Castillo,Muhammad Lutfor Rahman

2024-05-30

Abstract:With the booming popularity of smartphones, threats related to these devices are increasingly on the rise. Smishing, a combination of SMS (Short Message Service) and phishing has emerged as a treacherous cyber threat used by malicious actors to deceive users, aiming to steal sensitive information, money or install malware on their mobile devices. Despite the increase in smishing attacks in recent years, there are very few studies aimed at understanding the factors that contribute to a user's ability to differentiate real from fake messages. To address this gap in knowledge, we have conducted an online survey on smishing detection with 187 participants. In this study, we presented them with 16 SMS screenshots and evaluated how different factors affect their decision making process in smishing detection. Next, we conducted a post-survey to garner information on the participants' security attitudes, behavior and knowledge. Our results highlighted that attention and security behavioral scores had a significant impact on participants' accuracy in identifying smishing messages. We found that participants had more difficulty identifying real messages from fake ones, with an accuracy of 67.1% with fake messages and 43.6% with real messages. Our study is crucial in developing proactive strategies to encounter and mitigate smishing attacks. By understanding what factors influence smishing detection, we aim to bolster users' resilience against such threats and create a safer digital environment for all.

Cryptography and Security,Human-Computer Interaction

Muhammad Salman,Muhammad Ikram,Mohamed Ali Kaafar

DOI: https://doi.org/10.48550/arXiv.2210.10451

2022-10-19

Abstract:The short message service (SMS) was introduced a generation ago to the mobile phone users. They make up the world's oldest large-scale network, with billions of users and therefore attracts a lot of fraud. Due to the convergence of mobile network with internet, SMS based scams can potentially compromise the security of internet services as well. In this study, we present a new SMS scam dataset consisting of 153,551 SMSes. This dataset that we will release publicly for research purposes represents the largest publicly-available SMS scam dataset. We evaluate and compare the performance achieved by several established machine learning methods on the new dataset, ranging from shallow machine learning approaches to deep neural networks to syntactic and semantic feature models. We then study the existing models from an adversarial viewpoint by assessing its robustness against different level of adversarial manipulation. This perspective consolidates the current state of the art in SMS Spam filtering, highlights the limitations and the opportunities to improve the existing approaches.

Cryptography and Security

Mingxuan Liu,Yiming Zhang,Baojun Liu,Zhou Li,Haixin Duan,Donghong Sun

DOI: https://doi.org/10.1145/3485832.3488012

2021-01-01

Abstract:Although spearphishing is a well-known security issue and has been widely researched, it is still an evolving threat with emerging forms. In recent years, Short Message Service (SMS) has been revealed as a new distribution channel for spearphishing messages, which already has caused a serious impact in the real world, but has not yet attracted enough attention from the academic community. In this paper, we report the first systemic study to spotlight this emerging threat, SMS spearphishing attack. Through cooperating with a leading security vendor, we obtain 31.96M real-world spam messages that span three months. We design and implement a novel NLP-based detection algorithm, and uncover 90,801 spearphishing messages on the entire dataset. And then, a large-scale measurement was performed on the detected messages to reveal and understand the characteristics of SMS spearphishing attack. Our findings are multi-fold. We discover that SMS spearphishing has a significant negative impact on the real-world, and a large number of victims have been affected. And the distribution of active illicit types between spearphishing message and common spam is quite inconsistent. At the micro-level, to evade detection and increase the probability of success, adversary campaigns have evolved a set of sophisticated strategies. Our research highlights the impact of SMS spearphishing attack is prominent. We call on different communities to work together to mitigate this emerging security threat.

Jae Woo Seo,Jong Sung Lee,Hyunwoo Kim,Joonghwan Lee,Seongwon Han,Jungil Cho,Choong-Hoon Lee

DOI: https://doi.org/10.1109/access.2024.3349577

IF: 3.9

2024-01-01

IEEE Access

Abstract:Smishing (SMS phishing) is a cybercrime in which criminals send fraudulent messages, including malicious links, to steal the victims’ private data or cause financial losses. The damage caused by smishing has become more severe, particularly with the proliferation of mobile devices. In smishing, a major difficulty faced by victims is discrimination between normal and smishing messages. To resolve this problem, we present an on-device smishing classifier based on a deep-learning model. In real-world scenarios, access to a substantial, authentic dataset is crucial. We trained and evaluated the classifier using real SMS datasets containing approximately 250,000 smishing messages and 950,000 normal messages obtained from victims in Korea. To ensure privacy, the classifier operates solely on mobile devices without externally transmitting any data. It utilizes a lightweight method that does not require significant computing power on mobile devices. We explored several models to determine a suitable model for mobile devices and optimized it using real datasets. Furthermore, our statistical analysis of actual smishing messages revealed that 98% of smishing messages are variants of previously sent messages. To address the prevalence of variant smishing messages, we propose a text evasion attack tool called EVA that is capable of generating pseudo-variant messages from a given message using an adversarial attack approach. We used this tool to evaluate and enhance the robustness of our classifier against various messages. Our classifier exhibited exceptional classification accuracy (0.99) while being lightweight (at 127 kB) and robust against variant smishing messages (attack success rate of 0.41).

computer science, information systems,telecommunications,engineering, electrical & electronic

Cori Faklaris,Heather Richter Lipford,Sarah Tabassum

DOI: https://doi.org/10.48550/arXiv.2309.06322

IF: 6.4588

2023-09-12

Human-Computer Interaction

Abstract:As adoption of mobile phones has skyrocketed, so have scams involving them. The text method is called SMiShing, (aka SMShing, or smishing) in which a fraudster sends a phishing link via Short Message Service (SMS) text to a phone. However, no data exists on who is most vulnerable to SMiShing. Prior work in phishing (its e-mail cousin) indicates that this is likely to vary by demographic and contextual factors. In our study, we collect this data from N=1007 U.S. adult mobile phone users. Younger people and college students emerge in this sample as the most vulnerable. Participants struggled to correctly identify legitimate messages and were easily misled when they knew they had an account with the faked message entity. Counterintuitively, participants with higher levels of security training and awareness were less correct in rating possible SMiSH. We recommend next steps for researchers, regulators and telecom providers.

Muhammad Salman,Muhammad Ikram,Mohamed Ali Kaafar

DOI: https://doi.org/10.1109/access.2024.3364671

IF: 3.9

2024-02-20

IEEE Access

Abstract:The persistence of SMS spam remains a significant challenge, highlighting the need for research aimed at developing systems capable of effectively handling the evasive strategies used by spammers. Such research efforts are important for safeguarding the general public from the detrimental impact of SMS spam. In this study, we aim to highlight the challenges encountered in the current landscape of SMS spam detection and filtering. To address these challenges, we present a new SMS dataset comprising more than 68K SMS messages with 61% legitimate (ham) SMS and 39% spam messages. Notably, this dataset, we release for further research, represents the largest publicly available SMS spam dataset to date. To characterize the dataset, we perform a longitudinal analysis of spam evolution. We then extract semantic and syntactic features to evaluate and compare the performance of well-known machine learning based SMS spam detection methods, ranging from shallow machine learning approaches to advanced deep neural networks. We investigate the robustness of existing SMS spam detection models and popular anti-spam services against spammers' evasion techniques. Our findings reveal that the majority of shallow machine learning based techniques and anti-spam services exhibit inadequate performance when it comes to accurately classifying SMS spam messages. We observe that all of the machine learning approaches and anti-spam services are susceptible to various evasive strategies employed by spammers. To address the identified limitations, our study advocates for researchers to delve into these areas to advance the field of SMS spam detection and anti-spam services.

computer science, information systems,telecommunications,engineering, electrical & electronic

Grega Vrbančič,Iztok Fister Jr,Vili Podgorelec

DOI: https://doi.org/10.1016/j.dib.2020.106438

2020-10-23

Abstract:Phishing stands for a fraudulent process, where an attacker tries to obtain sensitive information from the victim. Usually, these kinds of attacks are done via emails, text messages, or websites. Phishing websites, which are nowadays in a considerable rise, have the same look as legitimate sites. However, their backend is designed to collect sensitive information that is inputted by the victim. Discovering and detecting phishing websites has recently also gained the machine learning community's attention, which has built the models and performed classifications of phishing websites. This paper presents two dataset variations that consist of 58,645 and 88,647 websites labeled as legitimate or phishing and allow the researchers to train their classification models, build phishing detection systems, and mining association rules.

Ho Sung Shim,Hyoungjun Park,Kyuhan Lee,Jang-Sun Park,Seonhye Kang

2024-10-18

Abstract:Smishing, which aims to illicitly obtain personal information from unsuspecting victims, holds significance due to its negative impacts on our society. In prior studies, as a tool to counteract smishing, machine learning (ML) has been widely adopted, which filters and blocks smishing messages before they reach potential victims. However, a number of challenges remain in ML-based smishing detection, with the scarcity of annotated datasets being one major hurdle. Specifically, given the sensitive nature of smishing-related data, there is a lack of publicly accessible data that can be used for training and evaluating ML models. Additionally, the nuanced similarities between smishing messages and other types of social engineering attacks such as spam messages exacerbate the challenge of smishing classification with limited resources. To tackle this challenge, we introduce a novel data augmentation method utilizing a few-shot prompt learning approach. What sets our approach apart from extant methods is the use of the principles of persuasion, a psychology theory which explains the underlying mechanisms of smishing. By designing prompts grounded in the persuasion principles, our augmented dataset could effectively capture various, important aspects of smishing messages, enabling ML models to be effectively trained. Our evaluation within a real-world context demonstrates that our augmentation approach produces more diverse and higher-quality smishing data instances compared to other cutting-edging approaches, leading to substantial improvements in the ability of ML models to detect the subtle characteristics of smishing messages. Moreover, our additional analyses reveal that the performance improvement provided by our approach is more pronounced when used with ML models that have a larger number of parameters, demonstrating its effectiveness in training large-scale ML models.

Social and Information Networks,Artificial Intelligence

Ashfak Md Shibli,Mir Mehedi A. Pritom,Maanak Gupta

2024-02-15

Abstract:SMS phishing, also known as "smishing", is a growing threat that tricks users into disclosing private information or clicking into URLs with malicious content through fraudulent mobile text messages. In recent past, we have also observed a rapid advancement of conversational generative AI chatbot services (e.g., OpenAI's ChatGPT, Google's BARD), which are powered by pre-trained large language models (LLMs). These AI chatbots certainly have a lot of utilities but it is not systematically understood how they can play a role in creating threats and attacks. In this paper, we propose AbuseGPT method to show how the existing generative AI-based chatbot services can be exploited by attackers in real world to create smishing texts and eventually lead to craftier smishing campaigns. To the best of our knowledge, there is no pre-existing work that evidently shows the impacts of these generative text-based models on creating SMS phishing. Thus, we believe this study is the first of its kind to shed light on this emerging cybersecurity threat. We have found strong empirical evidences to show that attackers can exploit ethical standards in the existing generative AI-based chatbot services by crafting prompt injection attacks to create newer smishing campaigns. We also discuss some future research directions and guidelines to protect the abuse of generative AI-based services and safeguard users from smishing attacks.

Cryptography and Security,Artificial Intelligence

Siyuan Tang,Xianghang Mi,Ying Li,XiaoFeng Wang,Kai Chen

DOI: https://doi.org/10.48550/arXiv.2204.01233

2022-04-04

Cryptography and Security

Abstract:With its critical role in business and service delivery through mobile devices, SMS (Short Message Service) has long been abused for spamming, which is still on the rise today possibly due to the emergence of A2P bulk messaging. The effort to control SMS spam has been hampered by the lack of up-to-date information about illicit activities. In our research, we proposed a novel solution to collect recent SMS spam data, at a large scale, from Twitter, where users voluntarily report the spam messages they receive. For this purpose, we designed and implemented SpamHunter, an automated pipeline to discover SMS spam reporting tweets and extract message content from the attached screenshots. Leveraging SpamHunter, we collected from Twitter a dataset of 21,918 SMS spam messages in 75 languages, spanning over four years. To our best knowledge, this is the largest SMS spam dataset ever made public. More importantly, SpamHunter enables us to continuously monitor emerging SMS spam messages, which facilitates the ongoing effort to mitigate SMS spamming. We also performed an in-depth measurement study that sheds light on the new trends in the spammer's strategies, infrastructure and spam campaigns. We also utilized our spam SMS data to evaluate the robustness of the spam countermeasures put in place by the SMS ecosystem, including anti-spam services, bulk SMS services, and text messaging apps. Our evaluation shows that such protection cannot effectively handle those spam samples: either introducing significant false positives or missing a large number of newly reported spam messages.

Belal Amro

DOI: https://doi.org/10.4236/jcc.2018.62003

2018-02-13

Abstract:The rapid evolution in mobile devices and communication technology has increased the number of mobile device users dramatically. The mobile device has replaced many other devices and is used to perform many tasks ranging from establishing a phone call to performing critical and sensitive tasks like money payments. Since the mobile device is accompanying a person most of his time, it is highly probably that it includes personal and sensitive data for that person. The increased use of mobile devices in daily life made mobile systems an excellent target for attacks. One of the most important attacks is phishing attack in which an attacker tries to get the credential of the victim and impersonate him. In this paper, analysis of different types of phishing attacks on mobile devices is provided. Mitigation techniques - anti-phishing techniques - are also analyzed. Assessment of each technique and a summary of its advantages and disadvantages is provided. At the end, important steps to guard against phishing attacks are provided. The aim of the work is to put phishing attacks on mobile systems in light, and to make people aware of these attacks and how to avoid them

Cryptography and Security

Yekai Li,Rufan Zhang,Wenxin Rong,Xianghang Mi

2024-04-15

Abstract:In this study, we introduce SpamDam, a SMS spam detection framework designed to overcome key challenges in detecting and understanding SMS spam, such as the lack of public SMS spam datasets, increasing privacy concerns of collecting SMS data, and the need for adversary-resistant detection models. SpamDam comprises four innovative modules: an SMS spam radar that identifies spam messages from online social networks(OSNs); an SMS spam inspector for statistical analysis; SMS spam detectors(SSDs) that enable both central training and federated learning; and an SSD analyzer that evaluates model resistance against adversaries in realistic scenarios. Leveraging SpamDam, we have compiled over 76K SMS spam messages from Twitter and Weibo between 2018 and 2023, forming the largest dataset of its kind. This dataset has enabled new insights into recent spam campaigns and the training of high-performing binary and multi-label classifiers for spam detection. Furthermore, effectiveness of federated learning has been well demonstrated to enable privacy-preserving SMS spam detection. Additionally, we have rigorously tested the adversarial robustness of SMS spam detection models, introducing the novel reverse backdoor attack, which has shown effectiveness and stealthiness in practical tests.

Cryptography and Security,Machine Learning

Avisha Das,Shahryar Baki,Ayman El Aassal,Rakesh Verma,Arthur Dunbar

DOI: https://doi.org/10.48550/arXiv.1911.00953

2019-11-04

Abstract:Phishing and spear-phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear-phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and base-rate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques, we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear-phishing, and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

Cryptography and Security

Harichandana B S S,Sumit Kumar,Manjunath Bhimappa Ujjinakoppa,Barath Raj Kandur Raja

2024-02-07

Abstract:Smartphones have become indispensable in our daily lives and can do almost everything, from communication to online shopping. However, with the increased usage, cybercrime aimed at mobile devices is rocketing. Smishing attacks, in particular, have observed a significant upsurge in recent years. This problem is further exacerbated by the perpetrator creating new deceptive websites daily, with an average life cycle of under 15 hours. This renders the standard practice of keeping a database of malicious URLs ineffective. To this end, we propose a novel on-device pipeline: COPS that intelligently identifies features of fraudulent messages and URLs to alert the user in real-time. COPS is a lightweight pipeline with a detection module based on the Disentangled Variational Autoencoder of size 3.46MB for smishing and URL phishing detection, and we benchmark it on open datasets. We achieve an accuracy of 98.15% and 99.5%, respectively, for both tasks, with a false negative and false positive rate of a mere 0.037 and 0.015, outperforming previous works with the added advantage of ensuring real-time alerts on resource-constrained devices.

Artificial Intelligence

Anjali Shinde,Essa Q. Shahra,Shadi Basurra,Faisal Saeed,Abdulrahman A. AlSewari,Waheb A. Jabbar

DOI: https://doi.org/10.3390/s24186084

IF: 3.9

2024-09-21

Sensors

Abstract:The growing problem of unsolicited text messages (smishing) and data irregularities necessitates stronger spam detection solutions. This paper explores the development of a sophisticated model designed to identify smishing messages by understanding the complex relationships among words, images, and context-specific factors, areas that remain underexplored in existing research. To address this, we merge a UCI spam dataset of regular text messages with real-world spam data, leveraging OCR technology for comprehensive analysis. The study employs a combination of traditional machine learning models, including K-means, Non-Negative Matrix Factorization, and Gaussian Mixture Models, along with feature extraction techniques such as TF_IDF and PCA. Additionally, deep learning models like RNN-Flatten, LSTM, and Bi-LSTM are utilized. The selection of these models is driven by their complementary strengths in capturing both the linear and non-linear relationships inherent in smishing messages. Machine learning models are chosen for their efficiency in handling structured text data, while deep learning models are selected for their superior ability to capture sequential dependencies and contextual nuances. The performance of these models is rigorously evaluated using metrics like accuracy, precision, recall, and F1 score, enabling a comparative analysis between the machine learning and deep learning approaches. Notably, the K-means feature extraction with vectorizer achieved 91.01% accuracy, and the KNN-Flatten model reached 94.13% accuracy, emerging as the top performer. The rationale behind highlighting these models is their potential to significantly improve smishing detection rates. For instance, the high accuracy of the KNN-Flatten model suggests its applicability in real-time spam detection systems, but its computational complexity might limit scalability in large-scale deployments. Similarly, while K-means with vectorizer excels in accuracy, it may struggle with the dynamic and evolving nature of smishing attacks, necessitating continual retraining.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Iddi S. Mambina,Jema D. Ndibwile,Deo Uwimpuhwe,Kisangiri F. Michael

DOI: https://doi.org/10.1109/access.2024.3365193

IF: 3.9

2024-02-20

IEEE Access

Abstract:In today's communications, Short Message Service (SMS) and Internet protocol-based messaging systems are the most widely used channels. These services are currently the target of an unprecedented number of threats due to their rising appeal. Some spammers have more nefarious motives, even though most spam stems from businesses seeking to promote their products. In recent years, as new security threats such as Smishing have emerged, the amount of SMS spam has experienced substantial growth. The scientific community has paid less attention to SMS spam than email spam even though both are extensively utilized. SMS spam presents extra processing hurdles. These include the use of lexical variants, SMS-like contractions, or sophisticated obfuscations, which degrade the performance of conventional filtering solutions. In this study, we investigate the efficacy of deep-learning models for filtering Swahili SMS spam based on linguistics and behavioral patterns using a real-world dataset from telecommunications companies in Tanzania. To validate the effectiveness of our models we subjected them to the UCI dataset of spam messages written in English. The models were trained and tested with 10 k-fold cross-validation. The experimental results show that the CNN-LSTM-LSTM hybrid model attained the highest accuracy of 99.98 on the Swahili dataset while CNN-BiLSTM performed better on the UCI dataset with an accuracy of 98.38.

computer science, information systems,telecommunications,engineering, electrical & electronic

B. Issac,R. Chiong,S.M. Jacob

DOI: https://doi.org/10.48550/arXiv.1410.4672

2014-10-17

Abstract:One of the biggest problems with the Internet technology is the unwanted spam emails. The well disguised phishing email comes in as part of the spam and makes its entry into the inbox quite frequently nowadays. While phishing is normally considered a consumer issue, the fraudulent tactics the phishers use are now intimidating the corporate sector as well. In this paper, we analyze the various aspects of phishing attacks and draw on some possible defenses as countermeasures. We initially address the different forms of phishing attacks in theory, and then look at some examples of attacks in practice, along with their common defenses. We also highlight some recent statistical data on phishing scam to project the seriousness of the problem. Finally, some specific phishing countermeasures at both the user level and the organization level are listed, and a multi-layered anti-phishing proposal is presented to round up our studies.

Cryptography and Security

Cori Faklaris

2024-01-26

Abstract:This paper describes three principal challenges in smishing mitigation - limitations of device affordances, complexity of infrastructure, and cognitive and contextual factors of mobile device use. We give a high-level overview of ideas that can mitigate smishing and work around these challenges.

Cryptography and Security,Computers and Society,Human-Computer Interaction

Hiroki Nakano,Daiki Chiba,Takashi Koide,Naoki Fukushi,Takeshi Yagi,Takeo Hariu,Katsunari Yoshioka,Tsutomu Matsumoto

DOI: https://doi.org/10.48550/arXiv.2303.15847

2023-06-06

Abstract:The rise in phishing attacks via e-mail and short message service (SMS) has not slowed down at all. The first thing we need to do to combat the ever-increasing number of phishing attacks is to collect and characterize more phishing cases that reach end users. Without understanding these characteristics, anti-phishing countermeasures cannot evolve. In this study, we propose an approach using Twitter as a new observation point to immediately collect and characterize phishing cases via e-mail and SMS that evade countermeasures and reach users. Specifically, we propose CrowdCanary, a system capable of structurally and accurately extracting phishing information (e.g., URLs and domains) from tweets about phishing by users who have actually discovered or encountered it. In our three months of live operation, CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports, 31,960 (90.2%) of these phishing URLs were later detected by the anti-virus engine. We analyzed users who shared phishing threats by categorizing them into two groups: experts and non-experts. As a results, we discovered that CrowdCanary extracts non-expert report-specific information, like company brand name in tweets, phishing attack details from tweet images, and pre-redirect landing page information.

Cryptography and Security,Social and Information Networks