Article Preview
Top1. Introduction
Mobile devices seem to be popular these days because of their small screen size, lower production cost, and portability (Kang, Lee, Kang, Barolli, & Park, 2014). Because of their popularity, these devices appear to be a perfect target of fatal malicious attacks like mobile phishing, SMS Spam, Smishing, ransomware, mobile multimedia application threat, etc. (Polla, Martinelli, & Sgandurra, 2013). Smishing word is constructed by combining two words that are SMS and Phishing. Smishing is an SMS based online identity theft which steal sensitive personal information like username, password, and credit/debit card details by fooling the user to visit fake links, apps or webpages (Jain & Gupta, 2016; Gupta & Gupta, 2017; Jain & Gupta, 2017; Tewari, Jain, & Gupta, 2016). Sometimes the fake message also ask user to respond message with some personal details (Choudhary & Jain, 2017).
Short Message Service (SMS) is considered to be one of the widely used communication services. Some users prefer SMS messages over emails because it is simple and does not require the Internet connection. Moreover, the reduction in the cost of SMS services by telecom companies has led to the increased use of SMS and this rise attracted attackers to attack via SMS. Attackers can purchase any mobile number with any area code to send spam messages so that it becomes difficult to identify the attacker. Various mobile applications are also blocked spam messages, but people are not aware of these apps due to lack of knowledge (Zkik, Orhanou, & Hajji, 2017). Moreover, these applications cannot provide high accuracy because attackers continuously change their way of attacks. The bank customers are the traditional targets of phishers, and attacker send a significant number of smishing messages on behalf of telecom companies.
Smishing term was firstly used by David Rayhawk in a McAfee Avert Labs blog on August 25, 2006. In the Android’s Google Play store, malicious apps have increased by approximately 388% from the year 2011 to 2013 (The Cybersecurity source report, 2014). In 2017, a global survey by dimensional research analysed various types of mobile device attacks and they found that smishing attack stands at 2nd position (The Growing Threat of Mobile Device Security Breaches, 2017). Table 1 presents the evolution of smishing attack from 2006-2017.
Table 1.
Evolution of smishing attack
Year | Events |
2006 | Smishing term was used first time |
2007 | Smishing messages hits Canadian town |
2008 | Smishing messages target to Credit Unions |
2009 | Smishing attack targeted Buffalo Metropolitan Federal Credit Union customers in New York |
2010 | FBI’s Internet Crime Complaint Center (IC3) warned consumers about smishing attack |
2011 | 30% lookout uses clicks on malicious URL in text message |
2012 | Smishing phone scams proliferated in South Korea banks |
2013 | Serious Smishing vulnerability was reported in Samsung Galaxy S4 |
2014 | IC3 reported 6495 users became victim of Smishing attacks |
2015 | Bank affiliations were used to send Smishing messages |
2016 | UK lost £2 million each day as a result of financial fraud |
2017 | Smishing attack targeted users in Czech Republic |