Smishing is a security attack that is performed by sending a fake message intending to steal personal credentials of mobile users. Nowadays, smishing attack becomes popular due to the massive growth of mobile users. The smishing message is very harmful since its target to financial benefits. In this article, the authors present a new feature-based approach to detect smishing messages in the mobile environment. This approach offers ten novel features that distinguish the fake messages from the ham messages. In this article, the authors have also identified the nineteen most suspicious keywords, which are used by the attacker to lure victims. This article has implemented these features on benchmarked dataset and applied numerous classification algorithms to judge the performance of the proposed approach. Experimental outcomes indicate that proposed approach can detect smishing messages with the 94.20% true positive rate and 98.74% overall accuracy. Furthermore, the proposed approach is very efficient for the detection of the zero hour attack.
Top1. Introduction
Mobile devices seem to be popular these days because of their small screen size, lower production cost, and portability (Kang, Lee, Kang, Barolli, & Park, 2014). Because of their popularity, these devices appear to be a perfect target of fatal malicious attacks like mobile phishing, SMS Spam, Smishing, ransomware, mobile multimedia application threat, etc. (Polla, Martinelli, & Sgandurra, 2013). Smishing word is constructed by combining two words that are SMS and Phishing. Smishing is an SMS based online identity theft which steal sensitive personal information like username, password, and credit/debit card details by fooling the user to visit fake links, apps or webpages (Jain & Gupta, 2016; Gupta & Gupta, 2017; Jain & Gupta, 2017; Tewari, Jain, & Gupta, 2016). Sometimes the fake message also ask user to respond message with some personal details (Choudhary & Jain, 2017).
Short Message Service (SMS) is considered to be one of the widely used communication services. Some users prefer SMS messages over emails because it is simple and does not require the Internet connection. Moreover, the reduction in the cost of SMS services by telecom companies has led to the increased use of SMS and this rise attracted attackers to attack via SMS. Attackers can purchase any mobile number with any area code to send spam messages so that it becomes difficult to identify the attacker. Various mobile applications are also blocked spam messages, but people are not aware of these apps due to lack of knowledge (Zkik, Orhanou, & Hajji, 2017). Moreover, these applications cannot provide high accuracy because attackers continuously change their way of attacks. The bank customers are the traditional targets of phishers, and attacker send a significant number of smishing messages on behalf of telecom companies.
Smishing term was firstly used by David Rayhawk in a McAfee Avert Labs blog on August 25, 2006. In the Android’s Google Play store, malicious apps have increased by approximately 388% from the year 2011 to 2013 (The Cybersecurity source report, 2014). In 2017, a global survey by dimensional research analysed various types of mobile device attacks and they found that smishing attack stands at 2nd position (The Growing Threat of Mobile Device Security Breaches, 2017). Table 1 presents the evolution of smishing attack from 2006-2017.
Table 1. Evolution of smishing attack
| Year | Events |
| 2006 | Smishing term was used first time |
| 2007 | Smishing messages hits Canadian town |
| 2008 | Smishing messages target to Credit Unions |
| 2009 | Smishing attack targeted Buffalo Metropolitan Federal Credit Union customers in New York |
| 2010 | FBI’s Internet Crime Complaint Center (IC3) warned consumers about smishing attack |
| 2011 | 30% lookout uses clicks on malicious URL in text message |
| 2012 | Smishing phone scams proliferated in South Korea banks |
| 2013 | Serious Smishing vulnerability was reported in Samsung Galaxy S4 |
| 2014 | IC3 reported 6495 users became victim of Smishing attacks |
| 2015 | Bank affiliations were used to send Smishing messages |
| 2016 | UK lost £2 million each day as a result of financial fraud |
| 2017 | Smishing attack targeted users in Czech Republic |