A Quantitative Study of SMS Phishing Detection

TL;DR

This study investigates how user attention and security behavior influence the ability to detect SMS phishing, revealing significant challenges in distinguishing real from fake messages and providing insights for improving user resilience.

Contribution

It provides an empirical analysis of factors affecting smishing detection accuracy through a survey with 187 participants, highlighting key behavioral influences.

Findings

Participants had 67.1% accuracy with fake messages.

Participants had 43.6% accuracy with real messages.

Attention and security behavior significantly impact detection accuracy.

Abstract

With the booming popularity of smartphones, threats related to these devices are increasingly on the rise. Smishing, a combination of SMS (Short Message Service) and phishing has emerged as a treacherous cyber threat used by malicious actors to deceive users, aiming to steal sensitive information, money or install malware on their mobile devices. Despite the increase in smishing attacks in recent years, there are very few studies aimed at understanding the factors that contribute to a user's ability to differentiate real from fake messages. To address this gap in knowledge, we have conducted an online survey on smishing detection with 187 participants. In this study, we presented them with 16 SMS screenshots and evaluated how different factors affect their decision making process in smishing detection. Next, we conducted a post-survey to garner information on the participants' security attitudes, behavior and knowledge. Our results highlighted that attention and security behavioral scores had a significant impact on participants' accuracy in identifying smishing messages. We found that participants had more difficulty identifying real messages from fake ones, with an accuracy of 67.1% with fake messages and 43.6% with real messages. Our study is crucial in developing proactive strategies to encounter and mitigate smishing attacks. By understanding what factors influence smishing detection, we aim to bolster users' resilience against such threats and create a safer digital environment for all.