RAJAT KHAJURIA | MIT | 26-01-2018
INTRODUCTION AND DEFINITION
Cyber threats such as unsolicited emails, malicious software, viruses, spyware, Distributed Denial of Service (DDoS) attacks, and social engineering attacks exploit the security of smartphone devices. One such cyber threat is the "phishing attack". Phishing is an online spoofing mechanism in which social engineering messages are communicated via electronic communication channels to prompt users to perform certain actions for the benefit of the attacker. Attackers launch phishing attacks for social or financial gain. Although a significant amount of work has been done to detect phishing attacks, it is still one of the most serious crimes on the Internet. A recent report by the Anti-Phishing Working Group (APWG) shows that in 2016 the total number of unique phishing attacks detected was 1,220,523, an increase of 65% over 2015.
Phishing is an online identity theft in which an attacker tries to steal a user's personal information, resulting in financial loss for individuals as well as organizations. Nowadays, mobile devices, especially smartphones, are increasingly used because of the wide range of functionalities they provide. These devices are very compact and provide functionalities similar to those of desktop computers, which is why attackers are now targeting mobile device users. However, detection of mobile phishing attacks is a different problem from desktop phishing because the two platforms have dissimilar architectures. Moreover, identifying mobile phishing attacks with high accuracy is an important research issue, as not much work has been done in this field. Many anti-phishing solutions for mobile devices have been proposed to date, but a fully fledged solution is still lacking. The primary objective of this paper is a detailed analysis of mobile phishing: attacking techniques and defense mechanisms. We present this paper in four parts. First, we discuss in detail the mobile phishing attack, its history, the motivation of attackers, and the security concerns of smartphones. Second, we analyse various mobile phishing attacks and provide a taxonomy of them. Third, we provide a taxonomy of numerous recently proposed solutions that detect mobile phishing attacks and defend users from them. Fourth, we discuss the different issues and challenges faced by researchers while dealing with mobile phishing attacks. In addition, we also discuss the datasets and evaluation metrics used by researchers for evaluating their
Phishing is one of the most significant problems faced by Internet users. User education is important in order to create awareness among users about phishing attacks. Phishing is a social engineering attack, so educating the user is important to avoid it. Education-based approaches include showing warnings and online training through games.
Active and passive warnings:
The user interface shows a warning depending upon the action triggered, as deployed by many web browsers. A passive warning only displays the warning and relies on the user to take some action, while an active warning does not rely on the user and blocks the content itself. Users do not pay attention to the warnings. Studies have shown that passive warnings are less effective as compared to
Training through mobile games:
One of the important factors in avoiding phishing attacks is to train users, which leads to correct identification of phishing and legitimate instances. Various methods exist to train users. To develop conceptual knowledge about phishing attacks, various mobile games are being developed to educate users. With the increase in the use of Internet technology, the risk of mobile device users falling victim to phishing attacks has also increased, so mobile games can be used to train users, which in turn helps to reduce the phishing threat. Asanka et al. designed one such game. The game educates users about phishing emails and phishing URLs so that the user is able to differentiate between phishing and legitimate emails and URLs. The prototype of the game was implemented on the Google App Inventor Emulator. In another approach, Asanka et al. developed a game by identifying the elements that need to be addressed to avoid phishing attacks when educating users. In addition, Asanka et al. [75] designed a gaming approach that combines conceptual and procedural knowledge to educate users. The approach integrates "self-efficacy" into the anti-phishing educational game in order to improve users' behaviour in avoiding phishing attacks.
Detection of smishing and spam SMSes
Smishing messages consist of a text message and a URL which, when opened, performs malicious activity. Attackers use a social engineering approach to target victims, and users are easily attacked by it. For detecting smishing or spam messages, different classifiers that make use of an effective feature set are used. Various approaches for detecting smishing and spam messages, together with a comparative analysis of them, are discussed below.
Joo et al. proposed a security model, "S-Detector", for detecting and blocking smishing messages. A Naïve Bayesian classifier is used to differentiate between smishing and normal messages by extracting the words most often used in smishing messages. S-Detector consists of four components: SMS monitor, SMS determinant, SMS analyser, and database. S-Detector takes the following steps to distinguish normal messages from smishing messages:
1) When a text message is received, the SMS monitor records the logs and timestamps of the communicated SMS message.
2) It is checked whether the telephone number is already registered in the blacklist.
3) It is determined whether the text message contains a URL. If yes, that URL is accessed.
4) It is checked whether an APK file is downloaded on accessing the URL. If an APK file is downloaded, the message is regarded as a smishing message and is blocked; otherwise the content of the message is analysed.
5) Pre-processing is done to separate the strings from the text message, and morpheme units are extracted. Then a weight value is assigned to each word using the Naïve Bayes algorithm.
6) If the weight is greater than or equal to the threshold, the message is labelled as a smishing message and is blocked. Otherwise, it is categorised as a normal message.
Yadav et al. proposed a mobile spam message filtering application, "SMSAssassin", based on Bayesian learning. A Support Vector Machine (SVM) is used along with Bayesian learning in order to achieve higher accuracy. Spam SMS consists of patterns and keywords that change frequently, so crowd-sourcing is used to keep the list of patterns updated. During the training stage, the occurrence of each word in spam and ham messages is computed to determine whether a word belongs to ham or spam. After training, the spaminess probability of an SMS is calculated, and if it is above a certain threshold the message is regarded as spam. To keep track of spam keywords, SMSAssassin uses a GlobalSpamKeywords list at the server and a SpamKeywordsFreq list on mobile phones. The mobile application also maintains a UserPreferencesList in which the user can specify ham/spam keywords according to his own preferences. Users having the SMSAssassin application on their mobile phones can share the reported spam list. The authors collected a total of 4318 SMSes using crowdsourcing. The Bayesian learning technique gives 97% classification accuracy on ham SMSes and 72.5% classification accuracy on spam. Table 6 shows the list of effective features for detecting
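The word weighting and threshold decision that steps 5 and 6 of S-Detector and the spaminess probability of SMSAssassin both rely on, as an added example (not code from either paper): a Naïve Bayes SMS classifier trained on a small constructed corpus, with Laplace smoothing so that a word never seen in training cannot zero out the score; the corpus, the `<url>` marker token and the 0.5 default threshold are assumptions.

```python
import re
from collections import Counter
from math import exp, log

# Constructed training corpus (not the paper's data): (text, label), label is "spam" or "ham".
TRAIN = [
    ("URGENT your account is locked verify now at http://bad.example/login", "spam"),
    ("You won a prize claim now http://win.example/claim", "spam"),
    ("Your parcel is waiting, confirm delivery fee at http://track.example", "spam"),
    ("Final notice: verify your bank details now", "spam"),
    ("Are we still on for lunch tomorrow?", "ham"),
    ("Can you send me the notes from class", "ham"),
    ("Happy birthday! Hope you have a great day", "ham"),
    ("Running late, be there in 10 minutes", "ham"),
]

def tokenize(text):
    # Lower-case word tokens; every URL collapses to the marker "<url>", so the presence
    # of a link carries weight regardless of the exact address used.
    text = re.sub(r"https?://\S+", " <url> ", text.lower())
    return re.findall(r"<url>|[a-z0-9']+", text)

class NaiveBayesSMS:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing for unseen words
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()
        self.vocab = set()

    def train(self, samples):
        for text, label in samples:
            self.docs[label] += 1
            for tok in tokenize(text):
                self.counts[label][tok] += 1
                self.vocab.add(tok)

    def _log_word_prob(self, tok, label):
        denom = sum(self.counts[label].values()) + self.alpha * len(self.vocab)
        return log((self.counts[label][tok] + self.alpha) / denom)

    def word_weight(self, tok):
        # Per-word weight: log-odds of the word under the spam model versus the ham model.
        return self._log_word_prob(tok, "spam") - self._log_word_prob(tok, "ham")

    def spam_probability(self, text):
        toks = tokenize(text)
        total = sum(self.docs.values())
        ll = {lab: log(self.docs[lab] / total) + sum(self._log_word_prob(t, lab) for t in toks)
              for lab in ("spam", "ham")}
        m = max(ll.values())                     # log-sum-exp keeps long messages from underflowing
        return exp(ll["spam"] - m) / (exp(ll["spam"] - m) + exp(ll["ham"] - m))

    def classify(self, text, threshold=0.5):
        # The threshold is the knob the papers describe: raising it trades missed spam for fewer false blocks.
        return "spam" if self.spam_probability(text) >= threshold else "ham"

MODEL = NaiveBayesSMS()
MODEL.train(TRAIN)
```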
Dendritic Cell Algorithm (DCA) based approach:
El-Alfy et al. proposed a technique for filtering multimodal textual messages, including emails and short messages. Inspired by the human immune system and hybrid machine learning methodologies, the authors proposed a method for information fusion. Various features obtained from the received messages were analysed with the help of machine learning algorithms. They developed a framework based on the DCA for mobile spam filtering by fusing the output from the machine learning algorithms.
Text normalization and semantic indexing based approach:
Almeida et al. proposed a mechanism that normalizes and expands short and noisy text messages. Semantic and lexicographic dictionaries are used for this purpose. The text is processed in three stages: text normalization, concept generation, and word sense disambiguation. Text normalization normalizes and translates each term into its canonical form and uses two dictionaries: an English dictionary and a lingo dictionary. Concept generation is used to obtain every meaning or concept related to a particular term. Word sense disambiguation is used to find the most relevant concept or meaning according to the context of the message. Concept generation and word sense disambiguation use the LDB BabelNet repository. The authors concluded that, with the help of text processing, classification performance can be enhanced: the system improves the quality of the attributes obtained, which in turn improves the classification accuracy.
Detection using text content:
Karami et al. proposed a content-based approach which, instead of depending on individual words, uses semantic groups of words as features. Linguistic Inquiry and Word Count (LIWC) and SMS Specific (SMSS) features are the two semantic categories of features used by the researchers; they help to reduce the feature set, in turn improving the efficiency of the approach. There are two phases in the system: feature extraction and classification. A machine learning algorithm is used for classification. The accuracy of the system lies between 92% and 98%.
The application "Smishing defender" was developed by Hauri Inc.; it detects and blocks phishing SMS messages on Android smartphones. The application monitors the text messages received and notifies the user on reception of a smishing message. It also provides a feature with which a suspicious message can be sent to Hauri for further analysis.
The volume of data on smartphone devices requires efficient and effective text classification methods. Silva et al. developed "MDLText", an efficient, scalable, fast, and lightweight multinomial text classifier based on the Minimum Description Length principle. MDLText is robust, learns faster, and avoids the over-fitting problem. Due to incremental learning, the scheme can be used in online as well as dynamic scenarios. Even with a large volume of data, MDLText has a lower computational cost.
Detecting smishing in cloud computing environments:
One proposed technique detects smishing messages using a cloud virtual environment. The technique checks the source of the message, its content, and the location of the server, and takes a decision accordingly. The smishing detection probability is increased by using program interface analysis and filtering so as to minimize incorrect detection. On receiving a message, the user can compute the risk of the message in the virtual environment, and the processing is also done there. When the process is completed, a screenshot and a report are sent to the user. Based on the report, the user can determine whether the message is smishing or not, which in turn reduces incomplete and false detection.
Framework for SMS spam filtering:
A framework for SMS spam filtering has been proposed that uses two feature selection methods, based on chi-square (CHI2) metrics and information gain (IG), to find the various features of an SMS. The features are fed to a Bayesian classifier to classify the SMS as ham or spam. The scheme was designed for Android mobile phone users and evaluated on a large set of SMSes including legitimate and spam messages; the output shows that the system gives accurate results in detecting both ham and spam messages. The feature selection process is discussed below.
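The CHI2 and information-gain feature selection described above, as an added example (not the framework's own code): both scores computed for every term of a constructed labelled SMS corpus, using document-level term presence, with a score of 0 rather than a division by zero for a term that appears in every message; the corpus and the `<url>` marker token are assumptions.

```python
import re
from collections import Counter
from math import log2

# Constructed labelled SMS corpus (not taken from the paper or the datasets it cites).
CORPUS = [
    ("URGENT your account is locked verify now at http://bad.example/login", "spam"),
    ("You won a prize claim now http://win.example/claim", "spam"),
    ("Your parcel is waiting, confirm delivery fee at http://track.example", "spam"),
    ("Final notice: verify your bank details now", "spam"),
    ("Are we still on for lunch tomorrow?", "ham"),
    ("Can you send me the notes from class", "ham"),
    ("Happy birthday! Hope you have a great day", "ham"),
    ("Running late, be there in 10 minutes", "ham"),
]

def term_set(text):
    # Document-level term presence; any URL becomes the single marker "<url>".
    text = re.sub(r"https?://\S+", " <url> ", text.lower())
    return set(re.findall(r"<url>|[a-z0-9']+", text))

def entropy(counts):
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values() if c) if total else 0.0

def feature_scores(corpus, positive="spam"):
    """Return ({term: chi2}, {term: information_gain}) over the corpus."""
    docs = [(term_set(t), lab) for t, lab in corpus]
    n = len(docs)
    n_pos = sum(1 for _, lab in docs if lab == positive)
    class_entropy = entropy(Counter(lab for _, lab in docs))
    chi2, ig = {}, {}
    for term in set().union(*(s for s, _ in docs)):
        a = sum(1 for s, lab in docs if term in s and lab == positive)   # positive class, has term
        b = sum(1 for s, lab in docs if term in s and lab != positive)   # other class, has term
        c, d = n_pos - a, (n - n_pos) - b                                # the two "without term" cells
        denom = (a + c) * (b + d) * (a + b) * (c + d)
        # A term present in every document (or in none) has a zero marginal: score 0, not a crash.
        chi2[term] = n * (a * d - b * c) ** 2 / denom if denom else 0.0
        with_t = Counter({positive: a, "other": b})
        without_t = Counter({positive: c, "other": d})
        ig[term] = class_entropy - ((a + b) / n * entropy(with_t)
                                    + (c + d) / n * entropy(without_t))
    return chi2, ig

def top_features(scores, k):
    # Highest scores first; ties broken alphabetically so the selection is deterministic.
    return [t for t, _ in sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:k]]
```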
Authentication scheme using QR-code:
To protect personal information from phishing attacks on mobile devices, Choi et al. proposed a Single-Sign-On authentication scheme based on QR codes. The scheme addresses the limitation of Single-Sign-On, which allows the user to access multiple applications with a single username and password. In the proposed approach, the server generates a random key which is used for secure communication. The scheme works in three phases: the login request phase, the QR-code generation phase, and the verification phase. The scheme encrypts the information, so that an attacker cannot obtain the information even if it is exposed to them.
The aim of a phishing attack is to steal the user's personal information. Although phishing attacks have targeted desktop users for a very long time, attackers have now shifted their focus to mobile device users. When it comes to mobile phones, the attackers have numerous ways to reach the user, including SMS, mobile applications, e-mails, mobile web browsers, and MMS. Due to the small screen size, the inconvenience of user input, and lack of awareness, mobile device users are three times more vulnerable to phishing attacks than desktop users. Mobile webpages differ from their desktop counterparts in terms of content, layout, and functionality, so separate techniques are needed to avoid these attacks on mobile devices.
Social engineering is one of the most widely used methods to acquire users' information using fake websites, emails, or SMSes. Fraudulent messages are sent to victims asking them to update their details. Malicious software is installed on the user's device either by sending malicious links or by making it available on the application store. It is difficult for users to ignore the SMSes they receive on their mobile devices.
User education or training is necessary to create awareness among users so that their susceptibility to falling victim to phishing attacks can be reduced. Various mobile games have been developed to educate users about phishing attacks, but education alone cannot guarantee a positive behavioural response. Education is necessary but not sufficient for avoiding phishing attacks; user education along with software solutions is required. This paper provides an overview of mobile phishing attacks and the various anti-phishing solutions available. The taxonomy of phishing defence mechanisms will help users to gain an understanding of the topic. There is broad scope for research to develop new defence mechanisms to fight mobile phishing attacks, specifically considering the variation of devices.
REFERENCES
1 Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing detection: a literature survey. IEEE Communications Surveys & Tutorials, 15(4), 2091-2121.
2 Foozy, C. F. M., Ahmad, R., , M. F. (2013). Phishing detection taxonomy for mobile device. International Journal of Computer Science Issues (IJCSI), 10(1), 338-344.
3 CAPEC-164: Mobile Phishing. https://capec.mitre.org/data/definitions/164.html. Accessed June 2017.
4 Choudhary, N., & Jain, A. K. (2017). Towards Filtering of SMS Spam Messages Using Machine Learning Based Technique. In Advanced Informatics for Computing Research (pp. 18-30). Springer, Singapore.
5 Kessem, L. (2012) Rogue Mobile Apps, Phishing, Malware and Fraud.
6 Internet Security Threat Report 2014, Vol. 19. Accessed July 2017.
7 (2017) http://www.phishingpro.com/. Accessed July 2017.
8 PhishLabs (2017). Accessed July 2017.
9 Anti-Phishing Working Group (APWG) (2016) Phishing activity trends report—first quarter 2016. http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf. Accessed June
10 Anti-Phishing Working Group (APWG) (2016) Phishing activity trends report—second quarter 2016. http://docs.apwg.org/reports/apwg_trends_report_q2_2016.pdf. Accessed June
11 Anti-Phishing Working Group (APWG) (2016) Phishing activity trends report—third quarter 2016. http://docs.apwg.org/reports/apwg_trends_report_q3_2016.pdf. Accessed June 2017.
12 Anti-Phishing Working Group (APWG) (2016) Phishing activity trends report—fourth quarter 2016. http://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf. Accessed June 2017.
13 Techopedia Communication Media. https://www.techopedia.com/definition/14462/communication-media. Accessed July
14 FireEye Best Defense against Spear. Accessed July 2017.
15 Almomani, A., Gupta, B. B., Atawneh, S., Meulenberg, A., , E. (2013). A survey of phishing email filtering techniques. IEEE Communications Surveys & Tutorials, 15(4),
16 Wu, L., Du, X., & Wu, J. (2016). Effective defense schemes for phishing attacks on mobile computing platforms. IEEE Transactions on Vehicular Technology, 65(8), 6678-6691.
17 Advantis Beware of Phishing Scams in. Accessed July 2017.
18 Lifewire VoIP Phishing – What is VoIP Phishing and How Does It Work (2016). https://www.lifewire.com/voip-phishing-3426534. Accessed July 2017.
19 The Honeynet Project Phishing Technique One – Phishing through Compromised Web Servers (2008). https://www.honeynet.org/node/90. Accessed July 2017.
20 PCWorld Types of Phishing Attacks. http://www.pcworld.com/article/135293/article.html. Accessed July 2017.
21 PHISHING.org Phishing techniques. http://www.phishing.org/phishing-techniques. Accessed July 2017.
22 He, D., Chan, S., , M. (2015). Mobile application security: malware threats and defenses. IEEE Wireless Communications, 22(1), 138-144.
23 Amrutkar, C., Kim, Y. S., , P. (2017). Detecting mobile malicious webpages in real time. IEEE Transactions on Mobile Computing, 16(8), 2184-2197.
24 Arachchilage, N. A. G., & Cole, M. (2016). Designing a mobile game for home computer users to protect against phishing attacks. arXiv preprint arXiv:1602.03929.
25 Joo, J. W., Moon, S. Y., Singh, S., & Park, J. H. (2017). S-Detector: an enhanced security model for detecting Smishing attack for mobile computing. Telecommunication Systems, 1-10.
26 Yadav, K., Kumaraguru, P., Goyal, A., Gupta, A., , V. (2011, March). SMSAssassin: Crowdsourcing driven mobile-based system for SMS spam filtering. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (pp. 1-6). ACM.
27 El-Alfy, E. S. M., , A. A. (2016). Spam filtering framework for multimodal mobile communication based on dendritic cell algorithm. Future Generation Computer Systems, 64,
28 Almeida, T. A., Silva, T. P., Santos, I., & Hidalgo, J. M. G. (2016). Text normalization and semantic indexing to enhance Instant Messaging and SMS spam filtering. Knowledge-Based Systems,
29 Tripathi, S. J., , V. S. (2017). Design the Framework for Detecting Malicious Mobile Webpages in Real Time. International Journal of Engineering Science, 11884.
30 Choi, K., Lee, C., Jeon, W., Lee, K., & Won, D. (2011, September). A mobile based anti-phishing authentication scheme using QR code. In Mobile IT Convergence (ICMIC), 2011 International Conference on (pp. 109-113). IEEE.
31 Asanka, N., Love, S., & Scott, M. (2012). Designing a mobile game to teach conceptual knowledge of avoiding 'phishing attacks'. International Journal for e-Learning Security,
32 SMS spam collection v.1 (2011). http://www.dt.fee.unicamp.br/~tiago/smsspamcollection/. Accessed June 2017.
33 DIT SMS spam dataset (2012). http://www.dit.ie/computing/research/resources/smsdata/. Accessed June 2017.
34 Delany, S. J., Buckley, M., & Greene, D. (2012). SMS spam filtering: Methods and data. Expert Systems with Applications, 39(10), 9899-9908.
35 Moore, T., Clayton, R., & Stern, H. (2009, April). Temporal Correlations between Spam and Phishing Websites. In LEET.
36 Sharifi, M., , S. H. (2008, March). A phishing sites blacklist generator. In Computer Systems and Applications, 2008. AICCSA 2008. IEEE/ACS International Conference on (pp.
37 Singh, H. P., Singh, S., Singh, J., & Khan, S. A. (2014). VoIP: State of art for global connectivity—A critical review. Journal of Network and Computer Applications, 37,
38 Ott, M., Choi, Y., Cardie, C., & Hancock, J. T. (2011, June). Finding deceptive opinion spam by any stretch of the imagination. In Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies-Volume 1 (pp. 309-319). Association for Computational Linguistics.
39 Ott, M., Cardie, C., & Hancock, J. T. (2013, June). Negative Deceptive Opinion Spam. In HLT-NAACL (pp.
OpenPhish. https://openphish.com/. Accessed July 2017.