Fishing for Smishing: Understanding SMS Phishing Infrastructure and Strategies by Mining Public User Reports

Abstract

Recently, there has been a worldwide surge in SMS phishing, aka smishing. However, the lack of open-access updated datasets makes it challenging for researchers to study this global issue. Mobile network operators and government agencies provide users special SMS spam reporting services. Though, these services are regional and users are largely unaware. So, users often turn to public forums such as Twitter or Reddit to report and discuss smishing. This paper presents a novel methodological approach to collect an updated smishing dataset and measure the infrastructure, targets, and strategies employed by attackers to lure victims. We programmatically collect users’ smishing reports from five public forums, collating over 64.5𝑘� smishing image attachments and reports, which include 28.6𝑘� sender IDs and 25.9𝑘� URLs criminals abuse to conduct smishing campaigns across 66 languages. We unveil the exploited infrastructure ranging from mobile network operators to domains. We categorize smishing texts into seven scam types and explain lures criminals use to deceive victims into providing sensitive/financial information. Through a case study using real time measurements on a random sample of Twitter posts, we showcase how to uncover Android malware spread via smishing. We suggest effective mitigation approaches to curb this widespread cybercrime.