Feature Based Approach for Detection of Smishing Messages in the Mobile Environment

Feature Based Approach for Detection of Smishing Messages in the Mobile Environment

Ankit Kumar Jain (National Institute of Technology Kurukhetra, Kurukshetra, India) and B. B. Gupta (National Institute of Technology Kurukshtra, Kurukshetra, India)
Copyright: © 2019 |Pages: 19
DOI: 10.4018/JITR.2019040102

Abstract

Smishing is a security attack that is performed by sending a fake message intending to steal personal credentials of mobile users. Nowadays, smishing attack becomes popular due to the massive growth of mobile users. The smishing message is very harmful since its target to financial benefits. In this article, the authors present a new feature-based approach to detect smishing messages in the mobile environment. This approach offers ten novel features that distinguish the fake messages from the ham messages. In this article, the authors have also identified the nineteen most suspicious keywords, which are used by the attacker to lure victims. This article has implemented these features on benchmarked dataset and applied numerous classification algorithms to judge the performance of the proposed approach. Experimental outcomes indicate that proposed approach can detect smishing messages with the 94.20% true positive rate and 98.74% overall accuracy. Furthermore, the proposed approach is very efficient for the detection of the zero hour attack.
Article Preview

1. Introduction

Mobile devices seem to be popular these days because of their small screen size, lower production cost, and portability (Kang, Lee, Kang, Barolli, & Park, 2014). Because of their popularity, these devices appear to be a perfect target of fatal malicious attacks like mobile phishing, SMS Spam, Smishing, ransomware, mobile multimedia application threat, etc. (Polla, Martinelli, & Sgandurra, 2013). Smishing word is constructed by combining two words that are SMS and Phishing. Smishing is an SMS based online identity theft which steal sensitive personal information like username, password, and credit/debit card details by fooling the user to visit fake links, apps or webpages (Jain & Gupta, 2016; Gupta & Gupta, 2017; Jain & Gupta, 2017; Tewari, Jain, & Gupta, 2016). Sometimes the fake message also ask user to respond message with some personal details (Choudhary & Jain, 2017).

Short Message Service (SMS) is considered to be one of the widely used communication services. Some users prefer SMS messages over emails because it is simple and does not require the Internet connection. Moreover, the reduction in the cost of SMS services by telecom companies has led to the increased use of SMS and this rise attracted attackers to attack via SMS. Attackers can purchase any mobile number with any area code to send spam messages so that it becomes difficult to identify the attacker. Various mobile applications are also blocked spam messages, but people are not aware of these apps due to lack of knowledge (Zkik, Orhanou, & Hajji, 2017). Moreover, these applications cannot provide high accuracy because attackers continuously change their way of attacks. The bank customers are the traditional targets of phishers, and attacker send a significant number of smishing messages on behalf of telecom companies.

Smishing term was firstly used by David Rayhawk in a McAfee Avert Labs blog on August 25, 2006. In the Android’s Google Play store, malicious apps have increased by approximately 388% from the year 2011 to 2013 (The Cybersecurity source report, 2014). In 2017, a global survey by dimensional research analysed various types of mobile device attacks and they found that smishing attack stands at 2nd position (The Growing Threat of Mobile Device Security Breaches, 2017). Table 1 presents the evolution of smishing attack from 2006-2017.

Table 1.
Evolution of smishing attack
YearEvents
2006Smishing term was used first time
2007Smishing messages hits Canadian town
2008Smishing messages target to Credit Unions
2009Smishing attack targeted Buffalo Metropolitan Federal Credit Union customers in New York
2010FBI’s Internet Crime Complaint Center (IC3) warned consumers about smishing attack
201130% lookout uses clicks on malicious URL in text message
2012Smishing phone scams proliferated in South Korea banks
2013Serious Smishing vulnerability was reported in Samsung Galaxy S4
2014IC3 reported 6495 users became victim of Smishing attacks
2015Bank affiliations were used to send Smishing messages
2016UK lost £2 million each day as a result of financial fraud
2017Smishing attack targeted users in Czech Republic

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 13: 4 Issues (2020): Forthcoming, Available for Pre-Order
Volume 12: 4 Issues (2019): 3 Released, 1 Forthcoming
Volume 11: 4 Issues (2018)
Volume 10: 4 Issues (2017)
Volume 9: 4 Issues (2016)
Volume 8: 4 Issues (2015)
Volume 7: 4 Issues (2014)
Volume 6: 4 Issues (2013)
Volume 5: 4 Issues (2012)
Volume 4: 4 Issues (2011)
Volume 3: 4 Issues (2010)
Volume 2: 4 Issues (2009)
Volume 1: 4 Issues (2008)
View Complete Journal Contents Listing