Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
41 tokens/sec
GPT-4o
59 tokens/sec
Gemini 2.5 Pro Pro
41 tokens/sec
o3 Pro
7 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Commercial Anti-Smishing Tools and Their Comparative Effectiveness Against Modern Threats (2309.07447v2)

Published 14 Sep 2023 in cs.CR

Abstract: Smishing, also known as SMS phishing, is a type of fraudulent communication in which an attacker disguises SMS communications to deceive a target into providing their sensitive data. Smishing attacks use a variety of tactics; however, they have a similar goal of stealing money or personally identifying information (PII) from a victim. In response to these attacks, a wide variety of anti-smishing tools have been developed to block or filter these communications. Despite this, the number of phishing attacks continue to rise. In this paper, we developed a test bed for measuring the effectiveness of popular anti-smishing tools against fresh smishing attacks. To collect fresh smishing data, we introduce Smishtank.com, a collaborative online resource for reporting and collecting smishing data sets. The SMS messages were validated by a security expert and an in-depth qualitative analysis was performed on the collected messages to provide further insights. To compare tool effectiveness, we experimented with 20 smishing and benign messages across 3 key segments of the SMS messaging delivery ecosystem. Our results revealed significant room for improvement in all 3 areas against our smishing set. Most anti-phishing apps and bulk messaging services didn't filter smishing messages beyond the carrier blocking. The 2 apps that blocked the most smish also blocked 85-100\% of benign messages. Finally, while carriers did not block any benign messages, they were only able to reach a 25-35\% blocking rate for smishing messages. Our work provides insights into the performance of anti-smishing tools and the roles they play in the message blocking process. This paper would enable the research community and industry to be better informed on the current state of anti-smishing technology on the SMS platform.

PDF HTML Abstract
Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Bookmark Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (51)
  1. Impact of anti-phishing tool performance on attack success rates. In 2012 IEEE International Conference on Intelligence and Security Informatics, pages 12–17, 2012.
  2. Contributions to the study of sms spam filtering: New collection and results. In Proceedings of the 11th ACM Symposium on Document Engineering, DocEng ’11, page 259–262, New York, NY, USA, 2011. Association for Computing Machinery.
  3. Calls Blacklist - call blocker. https://play.google.com/store/apps/details?id=com.vladlee.easyblacklist.
  4. Apwg — unifying the global response to cybercrime. https://apwg.org/.
  5. Avoiding the phishing bait: The need for conventional countermeasures for mobile users. In 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pages 421–425, 2018.
  6. URL Shortener - Short URLs & Custom Free Link Shortener. https://bitly.com/.
  7. Sarah Brookbank. Don’t click that link: Scammers are targeting fifth third bank customers. https://www.cincinnati.com/story/news/2020/12/23/dont-click-link-scammers-targeting-fifth-third-bank-customers/4005789001/.
  8. Antonio Camacho. A spam text from your own number? don’t get phished - cnet. https://www.cnet.com/tech/mobile/a-spam-text-from-your-own-number-dont-get-phished/.
  9. A honeypots based anti-phishing framework. In 2014 International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT), pages 618–625, 2014.
  10. A survey on anti-phishing techniques in mobile phones. In 2016 International Conference on Inventive Computation Technologies (ICICT), volume 2, pages 1–5, 2016.
  11. Cisco. Cyber security threat trends: phishing, crypto top the list, 2021 (accessed April 10, 2022). https://learn-umbrella.cisco.com/ebook-library/2021-cyber-security-threat-trends-phishing-crypto-top-the-list.
  12. https://www.clicksend.com/us/.
  13. CTIA. Messaging principles and best practices, 2021 (accessed April 17, 2022). https://api.ctia.org/wp-content/uploads/2019/07/190719-CTIA-Messaging-Principles-and-Best-Practices-FINAL.pdf.
  14. Phishmonger: A free and open source public archive of real-world phishing websites. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pages 31–36, 2016.
  15. Text Marketing - sms marketing – 2020 best mms marketing software. https://www.eztexting.com/.
  16. EZTexting. What is an A2P-enabled high-volume number and why should I upgrade? https://eztexting.force.com/answers/s/article/What-is-an-A2P-number-and-why-should-I-upgrade, 2022. [Online; accessed 22-December-2022].
  17. FBI. Federal bureau of investigation intenert crime report 2021, 2021 (accessed April 10, 2022). https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf.
  18. FCC. Telephone consumer protection act 47 u.s.c. § 227, 2021 (accessed April 17, 2022). https://www.fcc.gov/sites/default/files/tcpa-rules.pdf.
  19. Max Freedman. The best text message marketing services of 2022. https://www.businessnewsdaily.com/15044-best-text-message-marketing-solutions.html.
  20. G2. Best sms marketing software in 2022: Compare reviews on 290+ — g2. https://www.g2.com/categories/sms-marketing.
  21. Natalie Goguen. Vitalworks and microsoft reach settlement. https://www.noip.com/blog/2014/07/09/vitalwerks-microsoft-reach-settlement/, 2014. [Online; accessed 1/6/23].
  22. Abhijeet Guha. Sms firewall – the feature you need in an smsc. https://www.revesoft.com/blog/sms-platform/sms-firewall/.
  23. Francis Enejo Idachaba. Algorithm for source mobile identification and deactivation in sms triggered improvised explosive devices. Procedia Engineering, 78:96–101, 2014. Humanitarian Technology: Science, Systems and Global Impact 2014, HumTech2014.
  24. TextKiller spam text blocker. https://apps.apple.com/us/app/textkiller-spam-text-blocker/id1514005355.
  25. itpro. Smishing attacks increased 700% in first six months of 2021. https://www.itpro.com/security/scams/360873/smishing-attacks-increase-700-percent-2021, 2021. [Online; accessed 24-July-2022].
  26. Rule-based framework for detection of smishing messages in mobile environment. Procedia Computer Science, 125:617–623, 2018. The 6th International Conference on Smart Computing and Communications.
  27. Brian Krebs. U.k. arrest in ’sms bandits’ phishing service, Feb 2021.
  28. Phishbox: An approach for phishing validation and detection. In 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, pages 557–564, 2017.
  29. Sms phishing and mitigation approaches. In 2019 Twelfth International Conference on Contemporary Computing (IC3), pages 1–5, 2019.
  30. Dsmishsms-a system to detect smishing sms. Neural Computing & Applications, pages 1 – 18, 2021.
  31. A practical rule based technique by splitting sms phishing from sms spam for better accuracy in mobile device. International Review on Computers and Software (IRECOS), 9:1776, 10 2014.
  32. Phishfarm: A scalable framework for measuring the effectiveness of evasion techniques against browser phishing blacklists. In 2019 IEEE Symposium on Security and Privacy (SP), pages 1344–1361, 2019.
  33. Inside a phisher’s mind: Understanding the anti-phishing ecosystem through phishing kit analysis. In 2018 APWG Symposium on Electronic Crime Research (eCrime), pages 1–12, 2018.
  34. Online Threat Alerts (OTA). Costco Text Scam Reward Coupon and Airpod Raffle. https://www.onlinethreatalerts.com/article/2021/6/13/costco-text-scam-reward-coupon-and-raffle/, 2022. [Online; accessed 12/25/22].
  35. Join the fight against phishing phishtank. https://phishtank.org/.
  36. Phishnet: Predictive blacklisting to detect phishing attacks. In 2010 Proceedings IEEE INFOCOM, pages 1–5, 2010.
  37. proofpoint. 2022 state of the phish, 2022 (accessed April 10, 2022). https://www.proofpoint.com/us/resources/threat-reports/state-of-phish.
  38. Be the phisher – understanding users’ perception of malicious domains. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS ’20, page 263–276, New York, NY, USA, 2020. Association for Computing Machinery.
  39. Detecting sms spam in the age of legitimate bulk messaging. In Proceedings of the 9th ACM Conference on WiSec, WiSec ’16, page 165–170, New York, NY, USA, 2016. ACM.
  40. Sending out an sms: Characterizing the security of the sms ecosystem with public gateways. In 2016 IEEE Symposium on Security and Privacy (SP), pages 339–356, 2016.
  41. Characterizing the security of the sms ecosystem with public gateways. ACM Trans. Priv. Secur., 22(1), dec 2018.
  42. A comparative analysis and awareness survey of phishing detection tools. In 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information Communication Technology (RTEICT), pages 1437–1442, 2017.
  43. Automated sms classification and spam analysis using topic modeling. In 2nd International Conference on Data, Engineering and Applications (IDEA), pages 1–6, 2020.
  44. Clues in tweets: Twitter-guided discovery and analysis of sms spam, 2022.
  45. Twilio Texting Platform TCPA Class Action. https://www.natlawreview.com/article/platform-provider-paradox-text-platform-provider-twilio-may-be-directly-liable-tcpa.
  46. #1 Texting Software — sms automation software. https://www.trumpia.com/.
  47. SMS Spam Collection Data Set from UCI Machine Learning Repository uci archive. http://archive.ics.uci.edu/ml/datasets/SMS+Spam+Collection.
  48. VirusTotal - home. https://www.virustotal.com/gui/home/url.
  49. Survey paper: Taxonomy of website anti-phishing solutions. In 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS), pages 1–8, 2020.
  50. Survey of anti-phishing tools with detection capabilities. In 2014 International Symposium on Biometrics and Security Technologies (ISBAST), pages 214–219, 2014.
  51. Phinding phish: Evaluating anti-phishing tools. Proc. 14th Annual Network andDistributed System Security Sympos.1–16, 2007.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (2)
  1. Daniel Timko (6 papers)
  2. Muhammad Lutfor Rahman (6 papers)
Citations (14)
View on Semantic Scholar
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets