Daniel Timko (California State University San Marcos), Daniel Hernandez Castillo (California State University San Marcos), Muhammad Lutfor Rahman (California State University San Marcos)

With the booming popularity of smartphones, threats related to these devices are increasingly on the rise. Smishing, a combination of SMS (Short Message Service) and phishing has emerged as a treacherous cyber threat used by malicious actors to deceive users, aiming to steal sensitive information, money or install malware on their mobile devices. Despite the increase in smishing attacks in recent years, there are very few studies aimed at understanding the factors that contribute to a user’s ability to differentiate real from fake messages. To address this gap in knowledge, we have conducted an online survey on smishing detection with 187 participants. In this study, we presented them with 16 SMS screenshots and evaluated how different factors affect their decision making process in smishing detection. Next, we conducted a post-survey to garner information on the participants’ security attitudes, behavior and knowledge. Our results highlighted that attention and Revised Security Behavior Intentions Scale (RSeBIS) scores had a significant impact on participants’ accuracy in identifying smishing messages. We found that participants had more difficulty identifying real messages from fake ones, with an accuracy of 67.1% with fake messages and 43.6% with real messages. Our study is crucial in developing proactive strategies to encounter and mitigate smishing attacks. By understanding what factors influence smishing detection, we aim to bolster users’ resilience against such threats and create a safer digital environment for all.

View More Papers

“So I Sold My Soul“: Effects of Dark Patterns...

Oksana Kulyk (ITU Copenhagen), Willard Rafnsson (IT University of Copenhagen), Ida Marie Borberg, Rene Hougard Pedersen

Read More

Cross-National Study on Phishing Resilience

Shakthidhar Reddy Gopavaram (Indiana University), Jayati Dev (Indiana University), Marthie Grobler (CSIRO’s Data61), DongInn Kim (Indiana University), Sanchari Das (University of Denver), L. Jean Camp (Indiana University)

Read More

Security Signals: Making Web Security Posture Measurable at Scale

Michele Spagnuolo (Google), David Dworken (Google), Artur Janc (Google), Santiago Díaz (Google), Lukas Weichselbaum (Google)

Read More

In Control with no Control: Perceptions and Reality of...

Jason Morris, Ingolf Becker, Simon Parkin (University College London)

Read More