Detection and Prevention of Smishing Attacks

TL;DR

This paper introduces a machine learning-based model for detecting smishing attacks via SMS, normalizing slang and abbreviations to improve accuracy, achieving over 96% overall classification accuracy.

Contribution

It presents a novel content-based detection model specifically designed for smishing, addressing challenges posed by informal language and short message formats.

Findings

Achieved 97.14% accuracy in detecting smishing messages

Achieved 96.12% accuracy in identifying legitimate messages

Overall classification accuracy of 96.20%

Abstract

Phishing is an online identity theft technique where attackers steal users personal information, leading to financial losses for individuals and organizations. With the increasing adoption of smartphones, which provide functionalities similar to desktop computers, attackers are targeting mobile users. Smishing, a phishing attack carried out through Short Messaging Service (SMS), has become prevalent due to the widespread use of SMS-based services. It involves deceptive messages designed to extract sensitive information. Despite the growing number of smishing attacks, limited research focuses on detecting these threats. This work presents a smishing detection model using a content-based analysis approach. To address the challenge posed by slang, abbreviations, and short forms in text communication, the model normalizes these into standard forms. A machine learning classifier is employed to classify messages as smishing or ham. Experimental results demonstrate the model effectiveness, achieving classification accuracies of 97.14% for smishing and 96.12% for ham messages, with an overall accuracy of 96.20%.