A Smishing Detection Method Based on SMS Contents Analysis and URL Inspection Using Google Engine and VirusTotal

Abstract

    Smishing is the delivery of phishing content to mobile users via a short message service (SMS). SMS allows cybercriminals to reach out to mobile end users in a new way, attempting to deliver phishing messages, mobile malware, and online scams that appear to be from a trusted brand. This paper proposes a new method for detecting smishing by combining two detection methods. The first method is uniform resource locators (URL) analysis, which employs a novel combination of the Google engine and VirusTotal. The second method involves examining SMS content to extract efficient features and classify messages as ham or smishing based on keywords contained within them using four well-known classifiers: support vector machine (SVM), random forest (RF), adaptive boosting (AdaBoost), and extreme gradient boosting (XGBoost). The best results of the proposed method were 98.5%, 96.9%, 93.1%, and 95.05% in terms of accuracy, precision, detection rate, and F1-score, respectively. Furthermore, the evaluation results of the proposed method outperformed the state-of-the-art and showed that the proposed method is effective in detecting smishing messages.