Abstract
Short Message Service (SMS) messaging plays a key role in many people’s lives, allowing communication between friends, family and businesses through the convenient use of a mobile phone. At the same time, criminals are able to utilise this technology to their own benefit, such as by sending phishing messages that convince their victims into sharing sensitive information or installing dangerous software on their devices. Indeed, Proofpoint’s State of the Phish report found 81% of surveyed US organisations had faced smishing attacks – which is a type phishing attack via SMS message in 2020.
Although phishing is well studied, the amount of research in SMS-based phish-ing is somewhat limited. Therefore, this study addresses the lack of SMS-based phishing insight, investigating which techniques/tactics are used by malicious senders and honest recipients to disguise/identify SMS-based phishing. By using an online questionnaire, a total of 576 participants’ options upon 20 text messages (10 genuine and 10 phishing) were gathered. The result shows 73.4% of the SMS messages were categorised correctly; also a number of factors such as shortened URLs, inconsistent metadata/content, urgency cue, and age play a positive role in identifying phishing attacks.
Although phishing is well studied, the amount of research in SMS-based phish-ing is somewhat limited. Therefore, this study addresses the lack of SMS-based phishing insight, investigating which techniques/tactics are used by malicious senders and honest recipients to disguise/identify SMS-based phishing. By using an online questionnaire, a total of 576 participants’ options upon 20 text messages (10 genuine and 10 phishing) were gathered. The result shows 73.4% of the SMS messages were categorised correctly; also a number of factors such as shortened URLs, inconsistent metadata/content, urgency cue, and age play a positive role in identifying phishing attacks.
Original language | English |
---|---|
Title of host publication | Human Aspects of Information Security and Assurance |
Subtitle of host publication | 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event, July 7–9, 2021, Proceedings |
Editors | Steven Furnell, Nathan Clarke |
Place of Publication | Cham |
Publisher | Springer |
Chapter | 13 |
Pages | 148-163 |
Number of pages | 16 |
Edition | 1st |
ISBN (Electronic) | 9783030811112 |
ISBN (Print) | 9783030811105, 9783030811136 |
DOIs | |
Publication status | Published - 8 Jul 2021 |
Event | HAISA 2021: International Symposium on Human Aspects of Information Security and Assurance - Virtual Event Duration: 7 Jul 2021 → 9 Jul 2021 https://haisa.org/ |
Publication series
Name | IFIP Advances in Information and Communication Technology |
---|---|
Publisher | Springer Verlag |
Volume | 613 |
ISSN (Print) | 1868-4238 |
ISSN (Electronic) | 1868-422X |
Conference
Conference | HAISA 2021: International Symposium on Human Aspects of Information Security and Assurance |
---|---|
Period | 7/07/21 → 9/07/21 |
Internet address |
Keywords
- short message service (SMS)
- phishing
- text message
- mobile phishing