Friend or foe: an investigation into recipient identification of SMS-based phishing

Max Clasen, Fudong Li*, David Williams

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

203 Downloads (Pure)

Abstract

Short Message Service (SMS) messaging plays a key role in many people’s lives, allowing communication between friends, family and businesses through the convenient use of a mobile phone. At the same time, criminals are able to utilise this technology to their own benefit, such as by sending phishing messages that convince their victims into sharing sensitive information or installing dangerous software on their devices. Indeed, Proofpoint’s State of the Phish report found 81% of surveyed US organisations had faced smishing attacks – which is a type phishing attack via SMS message in 2020.

Although phishing is well studied, the amount of research in SMS-based phish-ing is somewhat limited. Therefore, this study addresses the lack of SMS-based phishing insight, investigating which techniques/tactics are used by malicious senders and honest recipients to disguise/identify SMS-based phishing. By using an online questionnaire, a total of 576 participants’ options upon 20 text messages (10 genuine and 10 phishing) were gathered. The result shows 73.4% of the SMS messages were categorised correctly; also a number of factors such as shortened URLs, inconsistent metadata/content, urgency cue, and age play a positive role in identifying phishing attacks.
Original languageEnglish
Title of host publicationHuman Aspects of Information Security and Assurance
Subtitle of host publication15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings
EditorsSteven Furnell, Nathan Clarke
Place of PublicationCham
PublisherSpringer
Chapter13
Pages148-163
Number of pages16
Edition1st
ISBN (Electronic)9783030811112
ISBN (Print)9783030811105, 9783030811136
DOIs
Publication statusPublished - 8 Jul 2021
EventHAISA 2021: International Symposium on Human Aspects of Information Security and Assurance - Virtual Event
Duration: 7 Jul 20219 Jul 2021
https://haisa.org/

Publication series

NameIFIP Advances in Information and Communication Technology
PublisherSpringer Verlag
Volume613
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

ConferenceHAISA 2021: International Symposium on Human Aspects of Information Security and Assurance
Period7/07/219/07/21
Internet address

Keywords

  • short message service (SMS)
  • phishing
  • text message
  • mobile phishing

Fingerprint

Dive into the research topics of 'Friend or foe: an investigation into recipient identification of SMS-based phishing'. Together they form a unique fingerprint.

Cite this