An Overview of Existing Smishing Detection Mechanisms Strengths and Weaknesses

By: Mosiur Rahaman, International Center for AI and Cyber Security Research and Innovation, Asia University, Taiwan

Abstract:

The widespread use of text messaging in the age of technology has regretfully made room for SMS phishing, often known as “smishing,” a dishonest tactic in which scammers send fake texts to evade users and get private information and this problem is not minor. The current state of smishing detection techniques is reviewed in this research, which divides them into rule-based, machine learning-based, and hybrid methods. Their advantages like scalability, flexibility, and ease of use as well as disadvantages like high false positive rates, resource consumption, and vulnerability to new attacks are examined.

Introduction:

As a common type of cybercrime, SMS phishing, often known as “smishing,” is damaging the digital environment on a daily basis. This approach undermines not just personal privacy but also the safety of global institutions. The complicated and dynamic character of smishing attacks persist in testing current approaches to detection, even with an increasing amount of cybersecurity research. Current research, such that conducted by, emphasizes the complexity of psychological strategies used in phishing and stresses the need of user knowledge in minimizing risks [1].

We still don’t fully grasp how new approaches to machine learning and natural language processing (NLP) may be especially intended to reduce smishing threats. To fill this void, our research thoroughly examines NLP and ML techniques, evaluating their capacity to improve SMS phishing attack detection and prevention [2]. In order to close the gap between generic phishing defences and those created especially to prevent smishing, this research will combine the most recent results on phishing detection with a targeted analysis of smishing.

Smishing Detection Mechanisms:

Content Based Analysis:

A program called SMS Text Analyst will examine the messages’ information. It will categorize a message based on whether it contains a URL, Self-Answering Link (SAL), phone number, or email address [3]. SAL and URL-containing SMSs will be managed individually, while TfIdf Vectorizer manages SMSs with phone numbers and email addresses. Shown in Fig 1 in details and strength and weakness shown in Table 1.

Figure 1:Smishing Detection Mechanism

Table 1:Content Based Analysis Strength and Weakness

Strength

  1. Rule-based systems are useful to detect typical scams because they can rapidly recognize smishing interaction that contain commonly used phrases or trends.
  2. Users can comprehend why a communication was detected as harmful because to these systems’ strong understanding.
  3. Smartphone applications and SMS gateways can easily include content-based approaches.

Weakness

  1. Modern smishing messages that employ concealment strategies, including incorrect spelling or phrases, are not recognized by conventional rules.
  2. Users’ belief in the system may be undermined if true messages with odd wording are mistakenly marked.
  3. Keeping an accurate rule set requires periodic changes, which raises expenditures for upkeep

Behavioural Analysis:

Behavioural analysis can be used in the context of smishing attacks to determine how people engage with apps for messaging and messages in general. By detecting changes in a user’s behaviour, behavioural analysis is an approach to identify phishing attempts [4]. Strength and weakness shown in Table 2.

Table 2:strength and weakness of Behavioural Analysis

Strength

  1. These techniques are less susceptible to language differences or message tampering since they examine sender behaviour.
  2. By recognizing trends in real time, theories of behaviour can adjust to new smishing strategies.
  3. By observing message flows throughout networks, these methods are able to identify smishing on a deeper level.

Weakness

  1. Behavioural data collection presents serious privacy concerns, particularly in countries with robust data protection laws.
  2. Instantaneous correspondent behaviour monitoring is difficult for contexts with limited assets as it requires significant processing capacity.
  3. Abnormal characteristics from authorized recipients might result in their erroneous which would leave smishing notifications unknown.

Machine Learning Approaches:

Convolutional Neural Networks (CNNs) and Bidirectional Gated Recurrent Units (Bi-GRUs) are combined in a hybrid deep learning model called CNN-Bi-GRU. By utilizing the advantages of both architectures, the model seeks to improve scams detection accuracy and surpass current methods in detecting phishing messages[5]. Strength and weakness shown in Table 3.

Table 3:Strength and weakness of machine Learning Approaches

Strength

  1. Machine learning models in particular, deep learning architectures are excellent at spotting small patterns in text and content that point to smishing.
  2. Machine learning models can handle huge quantities of data effectively after training, which qualifies them for widespread implementation.
  3. To ensure their ongoing applicability, machine learning algorithms may be retrained to consider actual threat intelligence.

Weakness

  1. The model’s performance is strongly influenced by the level of quality and variety of data in the training dataset. False projections may result from biased or out-of-date datasets.
  2. Building and ongoing operation of deep learning algorithms need substantial computational resources and specialized knowledge.
  3. It can be hard to explain why a message is marked as smishing since black-box machine learning algorithms are sometimes hard to understand.

Hybrid Methods:

Strength:

  1. Hybrid systems generate higher precision and resilience against a variety of smishing strategies by integrating complimentary techniques.
  2. Hybrid methods provide a comprehensive detection mechanism by addressing both behavioural and content-based irregularities.
  3. These methods are more efficient because they are less vulnerable to certain avoidance techniques.

Weakness:

  1. Management and development become more difficult when several approaches are merged.
  2. The adoption of hybrid systems in situations with limited resources may be restricted by their high computational and storage necessities.
  3. Using more than one detection phase might cause delays in immediate detection, which would affect an individual’s satisfaction.

Conclusion:

In order to address an increasing risk of SMS-based scams, smishing detection systems have advanced considerably. Still, their advantages are frequently masked by drawbacks that prevent broad use and efficacy. While behavioural and machine learning approaches offer stability at the expense of complexity, content-based solutions are simple but lack flexibility. Although hybrid approaches have potential, they still need to be improved to strike a balance between effectiveness and usability.

Reference:

  1. M. Alawida, A. E. Omolara, O. I. Abiodun, and M. Al-Rajab, “A deeper look into cybersecurity issues in the wake of Covid-19: A survey,” Journal of King Saud University – Computer and Information Sciences, vol. 34, no. 10, Part A, pp. 8176–8206, Nov. 2022, doi: 10.1016/j.jksuci.2022.08.003.
  2. A. Alhogail and A. Alsabih, “Applying machine learning and natural language processing to detect phishing email,” Computers & Security, vol. 110, p. 102414, Nov. 2021, doi: 10.1016/j.cose.2021.102414.
  3. M. Babaee and H. Sarabadani, “Data Analytics in Text Messages: A Mobile Network Operator Case Study,” in 2018 9th International Symposium on Telecommunications (IST), Dec. 2018, pp. 330–336. doi: 10.1109/IS℡.2018.8660969.
  4. L. Ribeiro, I. S. Guedes, and C. S. Cardoso, “Which factors predict susceptibility to phishing? An empirical study,” Computers & Security, vol. 136, p. 103558, Jan. 2024, doi: 10.1016/j.cose.2023.103558.
  5. M. Abumohsen, A. Y. Owda, M. Owda, and A. Abumihsan, “Hybrid machine learning model combining of CNN-LSTM-RF for time series forecasting of Solar Power Generation,” e-Prime – Advances in Electrical Engineering, Electronics and Energy, vol. 9, p. 100636, Sep. 2024, doi: 10.1016/j.prime.2024.100636.
  6. Katiyar A. (2024) Social Engineering Phishing Detection, Insights2Techinfo, pp.1

Cite As

Rahaman M. (2025) An Overview of Existing Smishing Detection Mechanisms Strengths and Weaknesses, Insights2Techinfo, pp.1

81130cookie-checkAn Overview of Existing Smishing Detection Mechanisms Strengths and Weaknesses
Share this:

Leave a Reply

Your email address will not be published.