Mobile Phishing Attacks and Mitigation Techniques

Shahriar, Hossain; Klintic, Tulin; Clincy, Victor

doi:10.4236/jis.2015.63021

Cited by 33 publications

(20 citation statements)

References 2 publications

(1 reference statement)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Solutions. Existing phishing countermeasures use techniques such as content filtering, visual matching, and blacklist or whitelist matching [14]. Content filtering system examines the content of webpages for suspected URLs.…”

Section: Current Phishing Detectionmentioning

confidence: 99%

A Case-Based Reasoning Approach for Automatic Adaptation of Classifiers in Mobile Phishing Detection

Zaw

Vasupongayya

2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

Currently, the smartphone contains lots of sensitive information. The increasing number of smartphone usage makes it more interesting for phishers. Existing phishing detection techniques are performed on their specific features with selected classifiers to get their best accuracy. An effective phishing detection approach is required to adapt the concept drift of mobile phishing and prevent degradation in accuracy. In this work, an adaptive phishing detection approach based on case-based reasoning technique is proposed to handle the concept drift challenge in phishing apps. Several experiments are conducted in order to demonstrate the design decision of our proposed model. The proposed model is evaluated with a large feature set containing 1,065 features from 10 different categories. These features are extracted from more than 10,000 android applications. Five combinations of features are created in order to mimic new real-world Android apps to evaluate our experiments. Moreover, a reduced feature set is also studied in this work in order to improve the efficiency of the proposed model. Both accuracy and efficiency of the proposed model are evaluated. The experimental results show that our proposed model achieves acceptable accuracy and efficiency for the phishing detection.

show abstract

Section: Current Phishing Detectionmentioning

confidence: 99%

A Case-Based Reasoning Approach for Automatic Adaptation of Classifiers in Mobile Phishing Detection

Zaw

Vasupongayya

2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

show abstract

“…Phishing attacks: This is where fraudsters masquerade as staff of MMSP and call or send SMS messages to the subscribers to lure them into revealing their mobile money PIN. Resiliency against phishing attacks is enhanced by employing multifactor authentication, an anomaly-based intrusion detection system, email authentication, encryption, secure sockets layer, reports of suspicious activities, back-end analytics, user training and awareness, content-based filtering, blacklisting, and whitelisting [112][113][114]. Aleroud and Zhou [115] used machine learning, profile matching, text mining, ontology, honeypots, and client-server authentication to detect phishing attacks.…”

Section: Resultsmentioning

confidence: 99%

“…Phishing attacks Multifactor authentication, anomaly-based intrusion detection system, email authentication, encryption, secure sockets layer, reports of suspicious activities, back-end analytics, user training/awareness, content-based filtering, blacklisting, and whitelisting. [112][113][114] Using machine learning, profile matching, text mining, ontology, honeypots, and client-server authentication.…”

Section: S/no Threat Models Countermeasure Social Engineering Attackmentioning

confidence: 99%

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

2020

View full text Add to dashboard Cite

The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.

show abstract

“…This paper also differentiated among several phishing detection techniques. Hossain et al proposed a research paper [ 19 ] in which the author focused on phishing attacks and their categories. In addition to this, phishing mitigation techniques and best policies to avoid phishing attacks on android devices are also discussed in this paper.…”

Section: Background Studymentioning

confidence: 99%

DSmishSMS-A System to Detect Smishing SMS

Mishra

Soni

2021

Neural Comput & Applic

View full text Add to dashboard Cite

With the origin of smart homes, smart cities, and smart everything, smart phones came up as an area of magnificent growth and development. These devices became a part of daily activities of human life. This impact and growth have made these devices more vulnerable to attacks than other devices such as desktops or laptops. Text messages or SMS (Short Text Messages) are a part of smartphones through which attackers target the users. Smishing (SMS Phishing) is an attack targeting smartphone users through the medium of text messages. Though smishing is a type of phishing, it is different from phishing in many aspects like the amount of information available in the SMS, the strategy of attack, etc. Thus, detection of smishing is a challenge in the context of the minimum amount of information shared by the attacker. In the case of smishing, we have short text messages which are often in short forms or in symbolic forms. A single text message contains very few smishing-related features, and it consists of abbreviations and idioms which makes smishing detection more difficult. Detection of smishing is a challenge not only because of features constraint but also due to the scarcity of real smishing datasets. To differentiate spam messages from smishing messages, we are evaluating the legitimacy of the URL (Uniform Resource Locator) in the message. We have extracted the five most efficient features from the text messages to enable the machine learning classification using a limited number of features. In this paper, we have presented a smishing detection model comprising of two phases, Domain Checking Phase and SMS Classification Phase. We have examined the authenticity of the URL in the SMS which is a crucial part of SMS phishing detection. In our system, Domain Checking Phase scrutinizes the authenticity of the URL. SMS Classification Phase examines the text contents of the messages and extracts some efficient features. Finally, the system classifies the messages using Backpropagation Algorithm and compares results with three traditional classifiers. A prototype of the system has been developed and evaluated using SMS datasets. The results of the evaluation achieved an accuracy of 97.93% which shows the proposed method is very efficient for the detection of smishing messages.

show abstract

Mobile Phishing Attacks and Mitigation Techniques

Cited by 33 publications

References 2 publications

A Case-Based Reasoning Approach for Automatic Adaptation of Classifiers in Mobile Phishing Detection

A Case-Based Reasoning Approach for Automatic Adaptation of Classifiers in Mobile Phishing Detection

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

DSmishSMS-A System to Detect Smishing SMS

Contact Info

Product

Resources

About