Friend or Foe: An Investigation into Recipient Identification of SMS-Based Phishing

Clasen, Max; Li, Fudong; Williams, David

doi:10.1007/978-3-030-81111-2_13

Cited by 7 publications

(7 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Smishing, a compound word of SMS and phishing, is an attack in which SMS messages are sent to mobile device users to direct them to a website asking for personal information. This attack exploits human instincts such as fear and stress [48], [49]. For example, an attacker impersonates a trusted sender, such as a bank, to send important messages such as a notice that personal information has been stolen.…”

Section: Background a Smishingmentioning

confidence: 99%

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

Saeki

Kitayama

Koga³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

XLoader and FakeSpy, the two major smishing botnets targeting Japan, change their attack strategies over various timescales. Based on recent observations of the botnets and Twitter data, we present empirical facts about their strategies and activity patterns and applied some of these strategic and activity patterns to malware detection and malicious domain detection. All the proposed methods yielded small false positive and negative rates, and are expected to run on user devices owing to their small computational cost. Recent malware detection methods based on traffic analysis extract TCP/IP traffic features if the upper layers of TCP are encrypted. In this study, Frida's hooking capability was employed to decode the upper layers (WebSocket and JSON-RPC) to create a list of all commands flowing over the botnet channel. The command-level traffic analysis presents decisive attack features because commands are transmitted according to strategies developed by the attackers. The proposed malicious domain detection method, on the other hand, exploited the tendency of the attackers to create domains in batches. Previous researchers focused on how benign and malicious domains were registered and used on the name servers. The proposed method, on the other hand, focuses on the arrival rate of SMS messages with URL links. The error rates become significantly small when users do not receive such messages very often.

show abstract

Section: Background a Smishingmentioning

confidence: 99%

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

Saeki

Kitayama

Koga³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Numerous scams and phishing attacks are the most prevalent and effective attacks during the pandemic. Phishing attacks have a success rate of over 30 percent [28].It is particularly concerning because attackers just require a low percentage of clicks to generate revenue or accomplish other objectives. Consequently, sending millions of emails to victims pleading for financial assistance from the government, their employers, banks and other sources will result in immediate and large rewards.…”

Section: A Spear-phishing and Spam Emailsmentioning

confidence: 99%

COVID-19 and Global Increases in Cybersecurity Attacks: Review of Possible Adverse Artificial Intelligence Attacks

Jaber

Fritsch

2021

2021 25th International Computer Science and Engineering Conference (ICSEC)

View full text Add to dashboard Cite

The World Health Organization's (WHO) coronavirus disease dashboard has recorded over 207 million confirmed infections and over 4 million deaths. There has been an increasing vulnerability in cybersecurity amongst businesses, governments and individuals worldwide because the COVID-19 pandemic has led to additional online activities. Accordingly, many people have turned to online work whilst the world is locked down. Thus, warnings have been issued by cybersecurity agencies that the number of cyber threat actors is increasing, and that they are improving in terms of stealing money, personal information and intellectual property. Opportunities for cybercrimes have increased, and COVID-19 is an effective lure. New methods for adverse artificial intelligence (AI)-empowered cyberattacks have been developed, or will be in the near future, using various weaponisations of AI under the COVID-19 umbrella. For this reason, this study reviewed and summarised how and when the most recent cyberattack trends can successfully exploit COVID-19 as a context for attack. Additionally, a summary of the state of knowledge of adverse AI is given, and its potential within the COVID-themed security threats, including defenses, is discussed.

show abstract

“…Additionally, some research has suggested that younger adults may be more vulnerable than their older adult counterparts (e.g., Sarno et al, 2020; Sheng et al, 2011). Interestingly, younger age has also been linked to an increased vulnerability to text attacks (Clasen et al, 2021) and younger adults have been reported to believe false information more than older adults (Buchanan, 2020; Rauwolf, 2022; Vijaykumar et al, 2021). However, older adults have been found to share more false information online than any other age group (Allcott & Gentzkow, 2017; Brashier & Schacter, 2020; Schaewitz et al, 2020).…”

Section: Introductionmentioning

confidence: 99%

Who Gets Caught in the Web of Lies?: Understanding Susceptibility to Phishing Emails, Fake News Headlines, and Scam Text Messages

Sarno

Black

2023

Hum Factors

View full text Add to dashboard Cite

Objective The present study investigated if the same users are vulnerable to phishing emails, scam text messages, and fake news headlines and if there are universal predictors of susceptibility for all three tasks. Background Theoretical research provides support for the notion that the same users likely fall for multiple forms of online deception. However, no research has directly compared susceptibility for various online deceptions (eg phishing, disinformation, scam text messages) within the same group of users. Method Participants completed an online survey consisting of demographic questions, the Cognitive Reflection Test (ie impulsivity), and the Digital Literacy Scale, and classified 90 legitimate and deceptive emails, text messages, and news headlines. Results Results suggest that individuals who struggle to discriminate between deceptive and legitimate stimuli on one task experience similar difficulties on the other two tasks. Additionally, while lower levels of digital literacy and cognitive reflectiveness predicted poorer discrimination abilities across all three tasks, age did not predict performance. Interestingly, participants appeared to be the most susceptible to phishing emails. Conclusion Overall, individuals who fall for one form of online deception appear to be more likely to fall for other forms of deception, and digital literacy and cognitive reflectiveness can predict widespread vulnerability to online deception. Application Organizations may be able to identify potential vulnerabilities for a variety of online attacks by measuring digital literacy, cognitive reflectiveness, and performance in one online deception task. Additionally, training interventions may be the most needed for phishing emails.

show abstract

Friend or Foe: An Investigation into Recipient Identification of SMS-Based Phishing

Cited by 7 publications

References 23 publications

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

Smishing Strategy Dynamics and Evolving Botnet Activities in Japan

COVID-19 and Global Increases in Cybersecurity Attacks: Review of Possible Adverse Artificial Intelligence Attacks

Who Gets Caught in the Web of Lies?: Understanding Susceptibility to Phishing Emails, Fake News Headlines, and Scam Text Messages

Contact Info

Product

Resources

About