How Smishing Attacks are Targeting your Smartphones

By: Vanna karthik; Vel Tech University, Chennai, India

Abstract

A common cyberthreat that targets smartphone users is smishing, a combination of SMS and phishing. This research examines the dynamics of smishing attacks, their methods, and their consequences for mobile security. It reviews recent trends and data to show both the increased sophistication of these attacks and the vulnerabilities they capitalize on. It then turns to the measures individuals and organizations may take to mitigate the risks of smishing. The more mobile phones become part of daily life, the more integral understanding and addressing the risks of smishing becomes to user protection and to confidence in the technology itself.

Introduction

Smartphones’ growing popularity has transformed information access, communication, and business. Although mobile technology is convenient, there are new security dangers associated with it. Smishing, a type of phishing that employs SMS texts to trick victims into disclosing personal information or downloading harmful software, is one such difficulty. By using social engineering techniques to take advantage of human vulnerabilities, smishing attacks have grown more complex [1]. The nature of smishing attacks, their impact on smartphone users, and countermeasures for this ever-evolving danger are all covered in this study. As the use of mobile devices for both personal and professional purposes is increasing day by day, it becomes all the more imperative to understand how smishing works and how to avoid it.

How smishing works

According to [2], smishing works in the following steps:

Target selection : Targets are chosen by cybercriminals. This selection can be more targeted, focusing on specific people based on information sold on the Dark Web or data gathered from recent breaches, or it might be random, using a large list of phone numbers.

Crafting the message : The attackers design a misleading text message that triggers a particular response or feeling, such as urgency, fear, or curiosity. A call to action, such as clicking a link or dialing a number, is usually included in this message.

Message delivery : The smishing message is sent to the chosen targets by the attacker via SMS gateways, spoofing tools, or hacked smartphones.

Interaction : The victim is prompted to act upon getting the message. This could include phoning an allocated phone number, responding with personal information, or clicking on a link that has been provided.

Data collection : If the victim responds as the attacker wants, a number of things could happen. They may enter financial or personal information on a fake website, or they may unknowingly infect their device with harmful software. If they call a number, they could be tricked into giving information over the phone or incur charges.

Use of stolen information : Once the attacker has the necessary data, they can use it for a number of criminal activities, including identity theft, illegal transactions, black market data sales, and more focused attacks.

Types of smishing attacks

According to [3], some types of smishing attacks are:

Delivery notification and package tracking smishing : One of the most frequent kinds of smishing attacks, particularly during holidays or significant sales occasions, is package delivery scams. A fake text from FedEx, UPS, or USPS may inform you of a delivery issue or ask for an update on shipping information. The purpose of the fraudulent language is to fool you into clicking on a dangerous link or disclosing sensitive information.

Financial services smishing scam : Financial services smishing schemes depend on the fact that practically everyone manages their finances through banks and credit cards. In order to obtain sensitive information from you, such as your Social Security number, address, phone number, password, email, and more, these smishing messages appear to come from trustworthy financial institutions. Smishers frequently send fraud alerts to their targets, alerting them to questionable activity on their account and urging them to click on a malicious link or contact an unauthorized phone number.

Confirmation smishing scam : Fake confirmation requests are used in confirmation smishing scams to trick you into disclosing private information. This might be for a business owner’s payment, an online order, or a meeting that is coming up. A link in the smishing SMS can take you to a website that requests sensitive information, such as login credentials, to confirm the scheduled meeting or purchase.

Customer support smishing scam : Customer support smishing schemes send SMS messages that appear to come from any business a consumer may trust, not only credit card agencies or banks. The sender may pretend to be an agent from a merchant or internet company alerting you to a problem with your account. They’ll give you advice on how to fix the problem, which can involve sending you to a fraudulent website that has malware on it.

Gift or giveaway smishing scam : This kind of smishing attack tries to trick you into clicking on a malicious link in order to collect your prize by offering you a free gift or promoting a false contest giveaway. Your “gift” could be a malware-infected device if you click on the link and are taken to a website.

Here are some samples of smishing:

[Image: a screenshot of a credit card]

Studies offer an in-depth understanding of the different forms of smishing and how it functions. The literature widely acknowledges that stringent technology protections and user education are called for in reducing the risks related to smishing. The ever-growing body of research underlines how important it is to keep pace with cybercriminals’ strategies by refreshing security procedures and public awareness on a regular basis.
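As an added example (not from the original article or its sources), the following Python sketch shows how the message traits described above, namely an emotional trigger, a call to action, a request for sensitive data, and a named carrier whose link points elsewhere, can be turned into a simple screening check. The keyword lists, scoring threshold, function names, and `.example` sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse
# Keyword lists, weights and threshold are illustrative assumptions, not a vetted ruleset.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"'\[\]]+", re.I)
PHONE_RE = re.compile(r"(?<![\w/.-])\+?\d[\d\s().-]{7,}\d(?![\w/])")
URGENCY_RE = re.compile(r"\b(urgent|immediately|suspended|locked|final notice|act now)\b", re.I)
SENSITIVE_RE = re.compile(r"\b(password|social security|ssn|pin|login|card number)\b", re.I)
LURES = {  # the five lure types listed in the article
    "delivery": r"\b(fedex|ups|usps|package|delivery|shipping)\b",
    "financial": r"\b(bank|credit card|fraud alert|suspicious activity)\b",
    "confirmation": r"\b(confirm|confirmation|appointment|order)\b",
    "customer_support": r"\b(customer (?:service|support)|support team)\b",
    "giveaway": r"\b(free gift|prize|winner|giveaway)\b",
}
BRAND_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com", "usps": "usps.com"}

def link_hosts(text):
    """Hostnames of every link in the message (urlparse lower-cases them)."""
    urls = [u if "://" in u else "http://" + u for u in URL_RE.findall(text)]
    return [h for h in (urlparse(u).hostname for u in urls) if h]

def brand_mismatch(low, hosts):
    """True if a carrier is named but some link is outside its official domain."""
    return any(re.search(rf"\b{b}\b", low) and
               any(h != d and not h.endswith("." + d) for h in hosts)
               for b, d in BRAND_DOMAINS.items())

def analyze(text):
    """Score one SMS body: lure type, indicators found, and a verdict."""
    low, hosts = text.lower(), link_hosts(text)
    hits = {name: len(re.findall(pat, low)) for name, pat in LURES.items()}
    lure = max(hits, key=hits.get) if any(hits.values()) else None
    checks = [("link", hosts), ("callback_number", PHONE_RE.search(text)),
              ("urgency", URGENCY_RE.search(text)),
              ("asks_sensitive_data", SENSITIVE_RE.search(text)),
              ("brand_domain_mismatch", brand_mismatch(low, hosts))]
    found = [name for name, hit in checks if hit]
    # A lure alone is not enough: require a call to action plus other signals.
    call_to_action = "link" in found or "callback_number" in found
    score = len(found) + (1 if lure else 0)
    return {"lure": lure, "indicators": found, "score": score,
            "suspicious": call_to_action and score >= 3}

SAMPLES = [  # constructed messages, not real captures
    "USPS: your package could not be delivered. Update your shipping address immediately at http://usps-redelivery.example/track",
    "Your FedEx package arrives today. Track at https://www.fedex.com/track",
    "Fraud alert: suspicious activity on your credit card. Call 1-800-555-0100 now to verify your card number.",
    "Hi, are we still on for lunch at 12?",
]
```

Calling `analyze()` on each entry of `SAMPLES` flags the first and third messages and passes the other two; keyword heuristics like these miss novel wording, so they complement rather than replace user education and carrier-level filtering.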

Conclusion

Smishing attacks, which exploit both technological and human errors, pose a severe threat to smartphone users. It becomes evident from this study that multi-vector strategies, especially improving users’ education, embedding adequate security measures, and continuously monitoring for threats, play an important role in preventing or limiting smishing. Users and organizations should stay alert and take the steps necessary to avoid smishing, as scammers are continually refining their techniques. The study also shows that technology can provide considerable protections in this field, but user awareness and behavioral changes are required to halt these unethical practices. Future research should focus on developing increasingly sophisticated detection techniques and raising public awareness so as to drastically reduce the incidence of smishing.

References

  1. K. Kontogeorgopoulos and K. Kritikos, “Overview of Social Engineering Protection and Prevention Methods,” in Computer Security. ESORICS 2023 International Workshops, S. Katsikas, F. Cuppens, N. Cuppens-Boulahia, C. Lambrinoudakis, J. Garcia-Alfaro, G. Navarro-Arribas, P. Nespoli, C. Kalloniatis, J. Mylopoulos, A. Antón, and S. Gritzalis, Eds., Cham: Springer Nature Switzerland, 2024, pp. 64–83. doi: 10.1007/978-3-031-54204-6_4.
  2. “What Is Smishing? Examples, Protection & More | Proofpoint US,” Proofpoint. Accessed: Jan. 07, 2025. [Online]. Available: https://www.proofpoint.com/us/threat-reference/smishing
  3. “What is smishing + attack protection tips for 2024.” Accessed: Jan. 07, 2025. [Online]. Available: https://us.norton.com/blog/emerging-threats/smishing
  4. Hammad, M., Abd El-Latif, A. A., Hussain, A., Abd El-Samie, F. E., Gupta, B. B., Ugail, H., & Sedik, A. (2022). Deep learning models for arrhythmia detection in IoT healthcare applications. Computers and Electrical Engineering, 100, 108011.
  5. Zhou, Z., Gaurav, A., Gupta, B. B., Lytras, M. D., & Razzak, I. (2021). A fine-grained access control and security approach for intelligent vehicular transport in 6G communication system. IEEE transactions on intelligent transportation systems, 23(7), 9726-9735.
  6. Xu, M., Peng, J., Gupta, B. B., Kang, J., Xiong, Z., Li, Z., & Abd El-Latif, A. A. (2021). Multiagent federated reinforcement learning for secure incentive mechanism in intelligent cyber–physical systems. IEEE Internet of Things Journal, 9(22), 22095-22108.
  7. Navaneeth J. (2024) The Future of Cyber Defense: Machine Learning and Phishing, Insights2Techinfo, pp.1

Cite As

Karthik V. (2025) How Smishing Attacks are Targeting your Smartphones, Insights2techinfo pp.1
